Remote Access Role

Question 1

What features does the Remote Access Role provide?

Answer 1

• A virtual private network (VPN) gateway where clients can connect to an organization’s private network using the Internet.
• Connect two private networks using a VPN connection using the Internet.
• A dial-up remote access server, which enables users to connect to a private network using a modem.
• Network address translation (NAT), which enables multiple users to share a single public network address.
• Provide routing functionality, which can connect subnets and control where packets are forwarded based on the destination address.
• Provide basic firewall functionality and allow or disallow packets based on addresses of source and/or destination and protocols.

Question 2

What must be disabled while configuring RRAS?

Answer 2

Windows firewall

Question 3

What are the five basic options for configuring RRAS through the wizard?

Answer 3

• Remote access (dial-up or VPN): Sets up the server to accept incoming remote access connections (dial-up or VPN).
• Network address translation (NAT): Sets up the server to provide NAT services to cli- ents on the private network that need to access the Internet.
• Virtual private network (VPN) access and NAT: Sets up the server to support incom- ing VPN connections and to provide NAT services.
• Secure connection between two private networks: Sets up a demand-dial or persistent connection between two private networks.
• Custom configuration: Enables you to choose individual services, including NAT, LAN routing, and VPN access.

Question 4

PPTP (Point-to-Point Tunneling Protocol) - 7 Key Facts

Answer 4

Uses TCP

Encrypted using MPPE

Uses optional MS-CHAPv2 keys

Uses optional EAP-TLS keys

Easy to set up

Weak encryption

TCP Port 1723, Protocol 47

Question 5

L2TP - 6 Key Facts

Answer 5

IPsec Method

Uses Pre-shared Key or Shared Secret

Encrypted with AES or 3DES

Uses IKE negotiation

UDP Port 500, 1701, 4500

Protocol 50

Question 6

IKEv2 - 5 Key facts

Answer 6

IKEv2 Internet Key Exchange

Uses IPsec ESP or AH

Encryption Keys, AES 256, AES 192, AES 128, 3DES

Supports Mobility

Supported on Win 7 and Up

Question 7

SSTP - 3 Key facts

Answer 7

Uses TCP Port 443

Passes traffic through firewalls and web proxies that block PPTP or L2TP

Uses HTTPS

Question 8

What are the two levels of authentication?

Answer 8

Computer Level - Certificates or pre-shared key

User Level - Username and Password using PPP (can be mutual)

Question 9

What authentication methods are supported by Windows 8.1 and 2012 R2?

Answer 9

PAP - Plain text authentication

CHAP - md5 hashing

MS-CHAPv2 - Provides Mutual Auth, allows expired pw change

EAP-MS-CHAPv2 - Provies mutual auth. Allows 3rd party custom auth schemes (biomedics, smart cards)

Question 10

What are alternative methods to enable logging?

Answer 10

• Execute the following command: Netsh ras set tracing * enabled
• Set the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ EnableFileTracing=1