5.3 Flashcards
Margaret is in charge of configuring the remote access solution for her network. The network consists of a
single subnet. A DHCP server on the private network assigns IP addresses to hosts on the private network.
A single remote access server, RASSRV, provides remote access connections for 10 Windows 8 laptops.
Remote clients have access to resources on the private network through RASSRV. Margaret wants the clients
to receive their IP addresses from the DHCP server.
What should Margaret do?
Configure each client with the IP address of the DHCP server.
Configure the remote access server to use DHCP for addressing.
Configure the remote access server with a range of IP addresses that fall within the range of addresses configured on the DHCP server.
Configure the remote access policies to identify DHCP as the addressing method.
Configure RASSRV as a DHCP proxy.
Configure the remote access server to use DHCP for addressing.
You want to provide remote access using a VPN server to users in your company so that they can work from
home. Users will connect to the remote access server using a VPN connection over the Internet in order to
access all resources on the company network.
You install Windows Server 2012 R2 on a new server (Remotel) and configure it for remote access. You
configure the network policies to allow connections between 7am and 8pm.
The next day, you get a call from one of the users reporting that she can connect to the remote access
server, but can’t access any resources on the company network. You ask her to ping a server on the private
network using its IP address, but the ping fails. From the remote access server, you can access all resources
on the private network.
What should you do?
On the private network, grant remote access users permissions to resources.
In Routing and Remote Access, configure RIP and add the LAN interfaces to the routing protocol.
In Routing and Remote Access, configure a static route to the company network.
In Routing and Remote Access. enable LAN routing on the server.
In Routing and Remote Access. enable LAN routing on the server.
You want to allow Research users to connect to the private network through a VPN connection. Users will
connect to the Internet while on the road, then connect through a VPN server to the private network. All
users will use laptops that run Windows 7 or Windows 8.
You configure a Windows Server 2012 R2 server as a router and configure it to accept VPN connections.
During a random check one day, you notice that some connections are using PPTP while others are using
L2TP. You want to force all connections to use L2TP.
What should you do?
In Routing and Remote Access, edit the PPTP ports and set the number of ports to O.
On each client computer, configure L2TP as the VPN connection type.
In Routing and Remote Access, edit the Ports node. Disable remote access and demand-dial routing connections for PPTP.
In Routing and Remote Access, configure a remote access policy to accept only L2TP connections.
In Routing and Remote Access, edit the Ports node. Disable remote access and demand-dial routing connections for PPTP.
Manuela is in charge of maintaining the VPN solution for her network. The VPN server was installed about two
months ago and services a total of 25 clients. All clients run Windows 7 and Windows 8 and connect to the
VPN server through the Internet.
Occasionally, users complain that they are unable to establish a VPN connection. The problem is not isolated
to any specific user and typically goes away after the user waits for a while before trying the connection
again.
Manuela checks the VPN server and finds it is obtaining IP addresses from a DHCP server to assign to clients.
The DHCP Console shows that 30 addresses have been leased to the VPN server. A total of 20 L2TP ports are
configured on the VPN server for incoming connections.
What should Manuela do?
Decrease the IP address lease time.
Delete all L2TP ports. Manually configure PPTP ports.
Manually configure additional L2TP ports.
Configure the IP address pool with additional addresses.
Add another network card to the server to provide additional client connections.
Manually configure additional L2TP ports.
Your company has established a branch office in a nearby town, which also has a small network. The remote
office has two servers running the Windows Server 2012 R2.
You’ve been instructed to interconnect the two offices using a VPN tunnel. You install the Routing and Remote
Access service on one of the Windows Server 2012 R2 computers in your local office and on one of the
Windows Server 2012 R2 computers in the remote office. You enable the VPN service on both servers.
You can successfully ping between the two devices. However, you cannot connect to resources on the other
side of the remote access server.
What should you do? (Select two. Each answer is required for a working solution.)
Change the authentication protocol on the server to EAP-TLS.
Change the authentication protocol on the server to MS-CHAP v2.
Add certificate services to the remote access server.
Enable LAN routing on both access servers.
Configure a static route on each remote access server to the other network.
Enable LAN routing on both access servers.
Configure a static route on each remote access server to the other network.
You have been put in charge of providing a VPN solution for all members of the Sales team. Sales team
members have been issued new laptop computers running Windows 8. All remote access servers run
Windows Server 2012 R2.
Salesmen complain that with the previous VPN solution, there were many times that they were unable to
establish the VPN solution because the hotel or airport firewalls blocked the necessary VPN ports. You need to
come up with a solution that will work in most instances.
Which VPN method should you choose?
Internet Protocol Security (IPsec) in tunnel mode
Point-to-Point Tunneling Protocol (PPTP)
Layer Two Tunneling Protocol (L2TP)
Secure Socket Tunneling Protocol (SSTP)
Secure Socket Tunneling Protocol (SSTP)
You have been put in charge of providing a VPN solution for all members of the Sales team. Laptops used by
Sales team members run Windows 8. All remote access servers run Windows Server 2012 R2.
You decide to implement SSTP for the VPN solution. Your company security policy mandates that only
necessary firewall ports be opened.
What should you do?
Open UDP port 500 in the firewall
Open port 1723 in the firewall
Open port 443 in the firewall
Open port 1701 in the firewall
Open port 443 in the firewall
You are the network administrator for northsim.com. The network consists of a single Active Directory
domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8.
northsim.com is interested in implementing remote access for Product Specialists that travel across the
country. You install the Routing and Remote Access Service (RRAS) on a member server and configure the
server to accept VPN connections. You need to select a remote access authentication protocol. Your solution
must offer the highest degree of security.
What should you do?
You should select Challenge Handshake Authentication Protocol (CHAP).
You should select Password Authentication Protocol (PAP).
You should select Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2).
You should select Extensible Authentication Protocol (EAP).
You should select Extensible Authentication Protocol (EAP).
You are the network administrator for westsim.com. The network consists of a single Active Directory
domain. All the servers run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8.
westsim.com has a number of Product Specialists who travel to remote areas. The Product Specialists
complain that their Internet connections frequently fail, forcing them to reconnect to the company VPN
server. The server and the clients use the L2TP with IPSec VPN protocol. You need to improve VPN
performance by allowing the clients to automatically reconnect to the company VPN if the clients’ Internet
connection should fail.
What should you do?
Configure the VPN connection to use the Point to Point Tunneling Protocol (PPTP) VPN protocol.
Use the Connection Manager Administration Kit (CMAK) to create a service profile that will connect the Product Specialists to the company VPN.
Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol.
Configure the VPN connection to use the Secure Socket Layer Tunneling Protocol (SSTP) VPN protocol.
Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol.
Maria is configuring a remote access solution for her network. A single server, RASSrv, runs Windows 2012
R2 and is the remote access server. Approximately 20 remote clients, all running Windows 8, will connect to
the server.
Maria wants to use a secure remote authentication method that encrypts passwords but does not require
additional hardware. What is the most secure authentication method that Maria should use?
EAP-TLS
PAP
MS-CHAP v2
CHAP
MS-CHAP v2
You are the network administrator for a small private network. You have been providing VPN access to
company users for the past few months through a Windows Server 2012 R2 Routing and Remote Access
server.
Your company recently decided to require the strongest authentication possible to connect to the Remote
Access server. You’ve set up a certificate server and changed the authentication protocol on the server to
require certificates.
Remote users are complaining that they can no longer access the Remote Access server.
What should you do?
Change the authentication protocol on each client to MS-CHAP v2.
Change the authentication protocol on each client to EAP-TLS.
Change the remote access permissions in the user’s account to Allow Remote Access.
Change the authentication protocol on each client to PEAP EAP-TLS.
Change the authentication protocol on each client to EAP-TLS.
You are the administrator of a large network. Your company has offices in several states, as well as several
locations within the city of Chicago. Each location has its own Active Directory domain, complete with DNS
server and DHCP configuration.
You are opening a network segment for a research and development arm of the company. Communication
from this segment to the rest of the network will be using PPP. You need an authentication method that will
allow for a high degree of flexibility. It must support authentication using One Time Passwords, MD5-
Challenge, or Transport Layer Security for smart cards. Encryption is not necessary in this implementation.
Which authentication protocol should you choose?
EAP
Kerberos
IEEE 802.1x
PEAP
EAP
You are the administrator of a large Active Directory network running at Windows Server 2008 functional
level. All client computers run Windows 7 or Windows 8. Your company has offices in several states, as well
as several locations within the city of Chicago. Each location has its own Active Directory domain, complete
with DNS and DHCP servers.
The company has just opened a new office in Des Moines. You have created a new Active Directory domain to
serve Des Moines. The users in Des Moines will access many of the resources in the Chicago office, so you
create a shortcut trust between Chicago and Des Moines. This is a two-way transitive trust.
You need to choose the appropriate network access authentication protocol.
Which method should you choose?
IEEE 802.1x
Kerberos
PEAP
NTLM v2
EAP
Kerberos
You have been asked to implement a wireless solution for your company network.
To improve security, you decide to implement 802.1x authentication using smart cards and certificates for all
wireless users.
Which authentication protocol will you use?
PEAP-EAP-TLS
NTLM v2
Kerberos
MS-CHAP v2
PEAP-EAP-MSCHAP
PEAP-EAP-TLS
Your organization has recently deployed an internal Web server that needs to be accessible by users outside
your organization through the Internet.
To enable this, you decide to implement the Web Application Proxy role service and publish the internal Web
site. You do not want users to be required to enter credentials to access the internal network, but you do
want the internal Web server itself to perform authentication before allowing access to Web server content.
What option would you use in the Publish New Application Wizard to enable this configuration?
Pass-Through