30 Cards in this Set

  • Front
  • Back
You have installed Routing and Remote Access on one of your servers that runs Microsoft Windows Server 2003, and you configured the server to accept a dial-up connection through a modem that is attached to the server. One of your network users successfully establishes a dial-up connection with the Routing and Remote Access server, but the user is denied access after entering the correct username and password. What could be the reason the user cannot access the network?


a. The user has not been granted permission to dial in to the network in the Dial-In tab on the user account properties page.
b. The modem on the server is not configured with the dial-in user’s username and password.
c. The Routing and Remote Access server is configured to allow anonymous access.
d. The user account is configured with Allow Access in the Remote Access Permissions area in the Dial-In tab on the user account properties page.
a. The user has not been granted permission to dial in to the network in the Dial-In tab on the user account properties page.

EXPLANATION: Dial-in users must have either Allow Access or Control Access Through Remote Access Policy permissions on their user accounts. In this scenario, there is no mention of a remote access policy; therefore, the appropriate user account permission is Allow Access.
You have configured Routing and Remote Access on your Microsoft Windows Server 2003 network. Because of the sensitive nature of your business, you require all remote connections to use Microsoft Point-to-Point Encryption (MPPE) 128-bit encryption. What configuration changes must you make to require that all connections use MPPE 128-bit encryption?

a. Clear the check boxes for all other encryption types in the Encryption tab on the properties page of the remote access policy.
b. No configuration change is necessary; the default settings for a remote access policy allow MPPE 128-bit encryption.
c. Specify MPPE 128-bit encryption in the local security policy of the remote access server.
d. Windows Server 2003 does not support MPPE 128-bit encryption.
a. Clear the check boxes for all other encryption types in the Encryption tab on the properties page of the remote access policy.

EXPLANATION: The remote access policy Encryption tab lists all encryption types that are accepted. If you would like to allow only MPPE 128-bit encryption, you must clear all other encryption choices.
Which protocol translates an internal private address to an external public address?

a. Transmission Control Protocol/Internet Protocol (TCP/IP)
b. Network Address Translation (NAT)
c. Internet Protocol Security (IPSec)
d. Point-to-Point Tunneling Protocol (PPTP)
b. Network Address Translation (NAT)

EXPLANATION: (Discussion starts on page 249.)
Members of your promotions department travel extensively, spending at least four nights a week each in different hotels. These employees must establish a remote connection to the network each night so they can check and respond to e-mail. To minimize long-distance telephone charges, you would like the remote access server to always call back the user to establish a remote connection. How should you configure the callback options in the remote access policies?

a. Set the callback feature to the Set By Caller (Routing And Remote Access Service Only) option.
b. Set the callback feature to the Always Call Back To option.
c. Configure the remote access server to use the Verify Caller ID option.
d. Set the callback option to No Callback.
a. Set the callback feature to the Set By Caller (Routing And Remote Access Service Only) option.

EXPLANATION: When the callback option Set By Caller (Routing And Remote Access Service Only) is selected, the remote access server calls the remote access client at the number that the client specifies. This allows the users to connect from a different number each night, if necessary, and allows the long-distance call to be billed through the corporate phone service rather than through a more expensive hotel connection, in this case.
You are the network administrator for a Microsoft Windows Server 2003 network. Your company has a main office in Atlanta and a small remote site located in another state. The remote site must send electronic data to the main office twice a day. Both sites have a modem and a router. Except for the two times that the remote site must transfer this data each day, there is no need for a connection between the two sites. What would be the most cost-effective method of establishing the connections that are necessary for the data transfer?

a. Establish a demand-dial routing (DDR) connection between the main office and the remote site.
b. Establish a full-time leased line connection between the main office and the branch office.
c. Configure a full-time Integrated Services Digital Network (ISDN) connection between the main office and the branch office.
d. Use a courier service to drive the information from the branch office to the main office.
a. Establish a demand-dial routing (DDR) connection between the main office and the remote site.

EXPLANATION: Demand-dial routing (DDR) can be used to establish dial-up connections when the sending router receives pertinent traffic. When this occurs, the router initiates a dial-up connection to the Internet or to a remote router. DDR allows for connectivity to a remote network without the cost of a full-time wide area network (WAN) link.
You have configured demand-dial routing (DDR) on your network so that users in the main office can communicate with servers in the branch office. While working late on a project, a main office user named Maria attempts to communicate with the branch office server, but is unable to establish a demand-dial connection. Earlier that day, Maria could communicate with the same server in the branch office. Which of the following could be preventing Maria from communicating with the branch office server?

a. Maria’s logon hours are incorrectly configured.
b. The dial-in hours on the remote office router are configured to allow a connection only during normal working hours.
c. Maria’s password on her user account has expired.
d. Maria does not have adequate permissions on her user account to access the branch office server.
b. The dial-in hours on the remote office router are configured to allow a connection only during normal working hours.

EXPLANATION: One of the parameters that can be configured on a demand-dial interface is the dial-out hours. The dial-out hours can be used to establish when the demand-dial interface is allowed to initiate a connection. If Maria attempts to initiate a connection after the dial-out period, the connection attempt fails.
You are the administrator of a Microsoft Windows Server 2003 network. Your company has employees that work from home. All of the employees live within your local calling area. To control access to your network, you have configured the dial-in setting on the user accounts to verify the caller ID of the connection attempt. Before this change was implemented, all authorized users could successfully dial in to the corporate network. Since implementing this new policy, nearly half of the remote users can no longer connect to the network. What is most likely the reason?

a. The remote access server does not support caller ID.
b. The home telephone service for some users does not support caller ID.
c. The remote users who cannot connect to the network are running Microsoft Windows 2000 Professional.
d. The domain functional level of the corporate domain is set to Microsoft Windows 2000 Mixed.
b. The home telephone service for some users does not support caller ID.

EXPLANATION: When the Verify Caller ID check box is selected, the caller, the phone system between the caller and the remote access server, and the remote access server must all support caller ID. In this scenario, the most likely reason some users cannot connect to the network is because their home telephone service does not support caller ID.
You are the network administrator for a Microsoft Windows Server 2003 domain that has Routing and Remote Access configured. You have changed the configuration on all your domain user accounts from Allow Access to Control Access Through Remote Access Policy. Before this change, members of the Marketing, Sales, and Accounting groups could establish remote connections to the network. Members of the Marketing group, who have always been able to remotely connect to the corporate network, report that they can no longer establish a connection. Which of the following could be the reason the Marketing users cannot successfully establish a remote connection to the network?

a. The Marketing users do not have appropriate permission on their domain user accounts.
b. No remote access policies have been configured on the remote access server.
c. The domain functional level is set to Microsoft Windows 2000 Mixed.
d. Group Policy has been applied at the OU level instead of the domain level.
b. No remote access policies have been configured on the remote access server.


EXPLANATION: When the Control Access Through Remote Access Policy option is selected as the dial-in permission on the user account and no remote access policy is configured, the user is denied access. The default remote access policy that is used when no other policy is configured denies access to all users that are configured with Control Access Through Remote Access Policy.
You are the network administrator for Litware, Inc. Fifty of the company’s employees work from home and must establish remote connections to the corporate network each day. Management has requested that you secure against unauthorized dial-up access to the corporate network and that you do so without purchasing any new hardware. How can you meet these requirements?

a. Enable the callback feature on the user accounts, and choose the Set By Caller option.
b. Enable the callback feature on the user accounts, and choose the Always Call Back To option. Specify each user’s home phone number as the callback number.
c. Configure the Routing and Remote Access service to always call back the user.
d. Require the use of smart cards for remote access connections.
b. Enable the callback feature on the user accounts, and choose the Always Call Back To option. Specify each user’s home phone number as the callback number.

EXPLANATION: Enabling the callback feature and setting it to the Always Call Back To option allows the network administrator to control when remote access connections can be initiated. Configuring the callback feature to call back remote users only at their home phone numbers adds a layer of security because an unauthorized user would have to gain access to an authorized user’s home telephone line to gain access to the network.
Which authentication protocol must you use to support the use of smart cards?


a. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
b. Shiva Password Authentication Protocol (SPAP)
c. Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
d. Challenge Handshake Authentication Protocol (CHAP)
c. Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)

EXPLANATION: To allow for smart cards as a means of authenticating, the remote access server must support Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).
Which command can be entered at the command prompt to display the contents of a Microsoft Windows Server 2003 routing table?


a. Route print
b. Print route
c. Ipconfig /all
d. Show route
a. Route print

EXPLANATION: (Discussion starts on page 254.)
You are the network administrator for a small network that has 400 host computers that run Microsoft Windows XP Professional and five servers that run Microsoft Windows Server 2003. Your network is divided into three segments, and two of your servers are configured as routers. You would like to implement dynamic routing on your network so that the network can easily adapt to topology changes. Which routing protocol should be implemented in this network scenario?


a. Open Shortest Path First (OSPF)
b. Dynamic Host Configuration Protocol (DHCP) Relay Agent
c. Routing Information Protocol (RIP)
d. Border Gateway Protocol (BGP)
c. Routing Information Protocol (RIP)

EXPLANATION: Routing Information Protocol (RIP) is the recommended protocol for smaller networks with fewer than 16 routers.
You have configured demand-dial routing (DDR) so that IP traffic addressed to the 150.10.0.0 network is allowed to establish a demand-dial connection. How can you verify that your demand-dial configuration is working properly?


a. From outside your network, issue the command Ping 150.10.0.x at the command prompt, where x represents one of the host addresses on the 150.10.0.0 network.
b. Issue the Ipconfig /150.10.0.0 command at the command prompt.
c. From a regular telephone, dial the phone number of the modem at either end of the connection.
d. From inside of your network, issue the command Ping 150.10.0.x at the command prompt, where x represents one of the host addresses on the 150.10.0.0 network.
d. From inside of your network, issue the command Ping 150.10.0.x at the command prompt, where x represents one of the host addresses on the 150.10.0.0 network.

EXPLANATION: The Ping command can be used to test a demand-dial connection that is configured to allow any IP traffic addressed to the 150.10.0.0 network. When the Ping command is issued, the first few packets fail until the connection is established.
Your company has a very large network with two segments. Segment 1 has 500 Microsoft clients, all with TCP/IP configured as their addressing protocol. Segment 2 has 500 hosts configured as NetWare clients that use Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) as their addressing protocol. A host on segment 1 can communicate only with another host on segment 1. A host on segment 2 can communicate only with another host on segment 2. How could you configure your network so that all host computers could communicate, regardless of the segment on which they are located?


a. Configure a router between segments 1 and 2.
b. Configure a gateway between segments 1 and 2.
c. Configure a layer 2 switch between segments 1 and 2.
d. A host on segment 1 cannot communicate with a host on segment 2 unless all client computers run a Microsoft client operating system.
b. Configure a gateway between segments 1 and 2.

EXPLANATION: A gateway is a device that connects different types of networks. In this example, segment 1 is a Microsoft network that uses TCP/IP, and segment 2 is a NetWare network that uses IPX/SPX. For communication to exist between the two segments, a gateway must be configured.
Which type of network connection uses a tunneling protocol to encapsulate data while it crosses a public network?


a. Dial-up connection
b. Internet service provider (ISP) connection
c. Virtual private network (VPN) connection
d. Wireless connection
c. Virtual private network (VPN) connection

EXPLANATION: A VPN connection provides a means of establishing a secure tunnel or connection across a public network, such as the Internet. A VPN connection uses a tunneling protocol such as Layer Two Tunneling Protocol (L2TP) or Point-to-Point Tunneling Protocol (PPTP) to encapsulate data while in transit across a public network.
Which type of networking device sends packets between two or more networking segments?


a. Router
b. Hub
c. Switch
d. Gateway
a. Router

EXPLANATION: A router is an OSI layer 3 device that routes packets between network segments. A hub works at OSI layer 1 and simply repeats or retransmits data, whereas a switch operates at OSI layer 2 and switches data on the same network. A gateway is responsible for translating data between different types of networks.
True or false: A remote access connection must be authorized before authentication can take place.

a. True
b. False
b. False

EXPLANATION: Remote access connections must be authenticated before the authorization process can take place.
Which routing table value indicates the cost of using a specific route?


a. Cost
b. Metric
c. Gateway
d. Netmask
b. Metric

EXPLANATION: The metric value listed with each route indicates the cost associated with using that route. A lower metric indicates a more efficient route.
You are the network administrator for Wingtip Toys. You configured demand-dial routing (DDR) on your network so users at the main office can communicate with users at the branch office across a point-to-point link. Your main office uses the TCP/IP addresses in the 10.0.0.0 network range, and your branch office uses TCP/IP addresses in the 192.168.1.0 network range. You would like to make sure that the demand-dial connection is established only when the router in the main office receives IP traffic that is addressed to the branch office network. How can you prevent all other traffic from initiating the demand-dial connection?

a. Create a demand-dial filter on the main office router that allows only traffic with a destination network of 10.0.0.0 to initiate a demand-dial connection.
b. Create a demand-dial filter on the main office router that allows only traffic addressed to the destination network 192.168.1.0 to initiate demand-dial connections.
c. Configure the router in the branch office to allow a connection only when the router receives traffic with a source network address of 10.0.0.0.
d. Configure an outbound packet filter on the main office router that allows only traffic that is addressed to the 192.168.1.0 network to pass through the interface.
b. Create a demand-dial filter on the main office router that allows only traffic addressed to the destination network 192.168.1.0 to initiate demand-dial connections.


EXPLANATION: Demand-dial filters can be used to specify which types of traffic are allowed to initiate a demand-dial connection.
Your routing table contains the following entry. What does this route represent?


Network Destination    Netmask            Gateway       Interface     Metric
10.1.1.200             255.255.255.255    127.0.0.1     127.0.0.1     20


a. A route to the host 127.0.0.1
b. A route to any host on the 10.0.0.0 network
c. A route to the host 10.1.1.200
d. A route to any host on the 127.0.0.0 network
c. A route to the host 10.1.1.200

EXPLANATION: A route with a netmask of 255.255.255.255 indicates that it is a route to an individual host rather than a route to a destination network.
You are the network administrator for a Microsoft Windows Server 2003 network. One of your servers that runs Windows Server 2003 is configured as a router and is connected to a digital subscriber line (DSL) link that provides Internet access to your network. You would like to ensure that no one is allowed to Telnet to devices on your network. How could you prevent Telnet traffic from entering your network without blocking other IP traffic?

a. On the router’s internal interface, configure an outbound packet filter that will pass all IP traffic except Telnet traffic on destination port 23.
b. Configure your router running Windows Server 2003 to accept only data that is encrypted using IPSec.
c. On the router’s external interface, configure an inbound packet filter that will pass all IP traffic except Telnet traffic on destination port 23.
d. Configure Network Address Translation (NAT) on your router that runs Windows Server 2003.
c. On the router’s external interface, configure an inbound packet filter that will pass all IP traffic except Telnet traffic on destination port 23.


EXPLANATION: Packet filters provide a means of preventing certain types of traffic from entering or leaving your network. Packet filters can allow or deny traffic based on source address, destination address, direction, and protocol type.
Your network consists of 150 client computers that are configured in a single Microsoft Windows Server 2003 domain. A DHCP server, which is configured to assign addresses in the 172.16.0.0 network, handles addressing on your network. Internet access is currently available only through two of your computers that have analog modems installed. You are interested in establishing an Internet connection for the entire network, but are concerned about protecting your internal resources. You have a multihomed server running Windows Server 2003 that connects to the Internet and to your internal network. What step could you take to hide the addresses of your internal resources, while still allowing the client computers to access the Internet?

a. Configure the router running Windows Server 2003 as a DHCP relay agent.
b. Configure Routing Information Protocol (RIP) as the routing protocol on your router running Windows Server 2003.
c. Do not configure client computers with an address for the default gateway.
d. Configure the server running Windows Server 2003 to perform Network Address Translation (NAT).
d. Configure the server running Windows Server 2003 to perform Network Address Translation (NAT).

EXPLANATION: Network Address Translation (NAT) is the process of translating an internal IP address to a globally unique external address. This process allows external communication without providing internal addressing information to the communicating partner.
At which layer of the Open Systems Interconnection (OSI) model do routers function?


a. OSI layer 2
b. OSI layer 3
c. OSI layer 1
d. OSI layer 7
b. OSI layer 3

EXPLANATION: A router is an OSI layer 3 device that is responsible for routing packets based on OSI layer 3 addressing information.
Your routing table has a route with a destination network address of 0.0.0.0 and a network mask of 0.0.0.0. What type of route is this?


a. A directly attached network route
b. A default route
c. A host route
d. A remote network route
b. A default route

EXPLANATION: A route to the destination network 0.0.0.0 with a netmask of 0.0.0.0 is a default route, which is used when the routing table does not contain a route to the destination network.
You are configuring Routing and Remote Access on a Microsoft Windows Server 2003 network, and you would like connections to be controlled through remote access policies. On the properties page of one of your domain user accounts, you attempt to enable the Control Access Through Remote Access Policy option, but the option appears dimmed. What is most likely the reason that the Control Access Through Remote Access Policy option is unavailable for your domain user accounts?


a. No remote access policies have been configured on the remote access server.
b. The domain functional level is set to Microsoft Windows 2000 Mixed.
c. The domain functional level is set to Microsoft Windows 2000.
d. The domain functional level is set to Microsoft Windows Server 2003.
d. The domain functional level is set to Microsoft Windows Server 2003.

EXPLANATION: The Control Access Through Remote Access Policy option in the Dial-In tab of the user account properties page is available only when the domain functional level is set to Microsoft Windows Server 2003. (Discussion starts on page 262.)
You are the network administrator of a routed Microsoft network. For fault tolerance, you have configured redundant links among all of your network segments. The following routes to one of your network segments are in your routing table.

Network Destination    Netmask            Gateway       Interface     Metric
192.168.1.0            255.255.255.0      10.1.1.200    10.1.1.200    20
192.168.1.0            255.255.255.0      10.2.1.200    10.2.1.200    40

Which of the following is a true statement about how traffic will be routed to and from the 192.168.1.0 network?


a. All traffic destined for the 192.168.1.0 network will be routed through interface 10.1.1.200.
b. All traffic destined for the 192.168.1.0 network will be routed through interface 10.2.1.200.
c. All traffic destined for the 10.1.1.0 network will be routed through 192.168.1.1.
d. All traffic destined for the 10.1.1.0 network will be routed through 192.168.1.2.
a. All traffic destined for the 192.168.1.0 network will be routed through interface 10.1.1.200.

EXPLANATION: When two routes to the same network exist, the router uses the route with the lowest metric value when sending traffic to the destination network.
Your network consists of five servers that run Microsoft Windows Server 2003 and 600 client computers. Fifty users connect to the network remotely. Thirty of the users have new portable computers that run Microsoft Windows XP Professional, and the other 20 have older portable computers that run Microsoft Windows 98. You want to use only one remote access authentication protocol on your network. Which authentication protocol should you use?


a. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
b. Password Authentication Protocol (PAP)
c. Challenge Handshake Authentication Protocol (CHAP)
d. Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1)
d. Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1)

EXPLANATION: To provide authentication for computers running Windows Server 2003, Windows XP Professional, and Windows 98, MS-CHAP v1 should be used. MS-CHAP v2 supports mutual authentication, but clients that run Windows 98 do not support MS-CHAP v2.
You are the network administrator of a Microsoft Windows Server 2003 domain with Routing and Remote Access configured. To control remote access to your network, you have configured remote access policies for your domain that deny access to the Sales Users group. Maria, who is a member of the Sales Users group, can successfully establish a remote access connection to your network. Which of the following could be the reason that Maria can establish a connection to your network even though the remote access policy expressly denies access to the Sales Users group?


a. Maria’s user account has been granted Deny Access permission in the Dial-In tab of the user account properties page.
b. Maria is also a member of the Marketing group for which the remote access policy allows access.
c. Maria’s user account has been granted Allow Access permission in the Dial-In tab of the user account properties page.
d. The remote access policy has not been applied using Group Policy.
c. Maria’s user account has been granted Allow Access permission in the Dial-In tab of the user account properties page.

EXPLANATION: When you select the Allow Access option in the user account Dial-In tab, the user is allowed to connect to the network even if a remote access policy is configured that denies access.
Microsoft Windows Server 2003 supports which two tunneling protocols?
a. Point-to-Point Protocol (PPP)
b. Point-to-Point Tunneling Protocol (PPTP)
c. Layer Two Tunneling Protocol (L2TP)
d. Integrated Services Digital Network (ISDN)
Correct answer: b and c

b. Point-to-Point Tunneling Protocol (PPTP)
c. Layer Two Tunneling Protocol (L2TP)

EXPLANATION: (Discussion starts on page 248.)
Your network contains a server running Microsoft Windows Server 2003 using the default configuration of Routing and Remote Access. Your client computers all run Microsoft Windows 2000 Professional and are configured to use Challenge Handshake Authentication Protocol (CHAP) for authentication. All of your dial-up clients report that they are unable to establish a remote connection to the network. Which configuration changes should you make so that remote users can dial in to the network?


a. Upgrade all client computers to Microsoft Windows XP Professional.
b. Configure your clients that run Windows 2000 to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) for authentication.
c. Configure your clients that run Windows 2000 to use Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) for authentication.
d. Configure your clients that run Windows 2000 to use Password Authentication Protocol (PAP) for authentication.
c. Configure your clients that run Windows 2000 to use Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) for authentication.

EXPLANATION: Windows Server 2003 uses MS-CHAP v2 as the default authentication protocol. For a client to successfully be authenticated by a remote access server, both client and server must be configured with at least one common authentication protocol.