1. You are in the process of configuring
Routing and Remote Access Service on your network. Your
network already uses a hardware-based dial-in server that
uses a Remote Authentication Dial-in User Service (RADIUS)
computer for authentication. You have outfitted several
remote users with laptops running Windows 2000 Professional.
The smart card authentication that the remote users use
is verified by the RADIUS server.
You are about to install the Routing and Remote Access
Service onto a Windows 2000 Server computer and would
like to configure it to use the RADIUS server for authentication.
In order for the RRAS server to use the RADIUS server
to authenticate remote users with smart cards, what
protocol should you use?
A. PAP
B. CHAP
C. EAP
D. MS-CHAP
Answer: C
In order for the RRAS server to use the RADIUS server
to authenticate remote users with smart cards, you
should configure the EAP (Extensible Authentication
Protocol) protocol on the RRAS server. An EAP protocol
such as EAP-Transport Level Security (EAP-TLS) used
for authentication will enable the RRAS server to pass
any authentication message to a RADIUS server for authentication.
EAP-TLS supports smart cards.
Password Authentication Protocol (PAP) is the simplest
and least secure authentication protocol and will not
work in this scenario because it will not pass authentication
messages to the RADIUS server.
Challenge Handshake Authentication Protocol (CHAP)
is a more secure authentication protocol than PAP.
MS-CHAP is a Microsoft version of CHAP that allows
the use of Windows authentication information. Neither
of these protocols, however, will work in this scenario
because they will not pass authentication messages
to the RADIUS server.
Objective 3: "Configuring, Managing, Monitoring,
and Troubleshooting Remote Access in a Windows 2000
Network Infrastructure"
2. You are in charge of the network for a company named WesTek. The company
headquarters resides in Los Angeles. There are two branch offices,
one in Sacramento and one in San Francisco. Currently you have a network
under the domain name WesTek.com. The L.A. office has one DNS server
that hosts the standard primary zone for the domain. The branch offices
do not have DNS servers. Users at the branch offices have complained
that access to the Los Angeles office resources is especially slow.
You have responded by delegating subdomains to each
branch office. Then you install a DNS server in each
branch office and configure them to host standard primary
zones for their subdomains. You also configure the
DNS servers to query the other DNS servers in your
company's network for domain information not found
locally. Next you configure the DNS clients in each
branch to only query the DNS server in their subdomain.
What have your actions accomplished? (Choose all that
apply)
A. You have stopped name resolution traffic between
the branch offices and the headquarters.
B. You have reduced query response time.
C. Keep zone traffic to a minimum.
D. You have reduced administrative overhead.
Answer: B, C
By adding DNS servers to host standard primary zones
at the branch offices and configuring the DNS clients
to only query the DNS server in their subdomain, you
have effectively reduced query response time and kept
zone traffic to a minimum. With no standard secondary
zones existing in your network, no zone transfers will
occur (zone transfers occur between standard primary
zones and their child secondary zones).
You have not stopped name resolution traffic between
the branch offices and the headquarters, because each
DNS server has been configured to transfer queries
that it cannot answer to the other DNS servers.
By delegating subdomains for each branch office and
then installing DNS servers in each branch office,
you have created the need for additional network administrators
(one in each branch office to maintain the local primary
zone). Therefore the statement that you have reduced
administrative overhead is incorrect.
Objective 1: "Installing, Configuring, Managing,
Monitoring, and Troubleshooting DNS in a Windows 2000
Network Infrastructure"
3. The network you administer consists of one main
office and four branch offices in various locations
around the country. You have just implemented a special
custom Windows 2000 network application on the entire
network. A special protocol has been developed to allow
users to access this application over the network.
Since the protocol for the custom application is new,
you wish to monitor it closely to detect any bugs.
The application comes with a .dll file so that you
can use Windows Network Monitor to analyze the protocol,
but Network Monitor must first be configured for this
purpose.
Which of the following actions will enable you to
use the Network Monitor to analyze the new protocol?
(Select 2 choices)
A. Copy the .dll file to the Netmon\Captures folder.
B. Copy the .dll file to the Netmon\Parsers folder.
C. Add the .dll's file name to the System.ini file.
D. Add the .dll's file name to the Parsers.ini file.
Answer: B, D
To enable you to use the Network Monitor to analyze
the new protocol, you should copy the .dll file to
the Netmon\Parsers folder and add the .dll's file name
along with other information to the Parsers.ini file.
The Parsers.ini file is located in the Netmon folder.
Having the .dll file in the Netmon\Parsers folder, along
with the .dll's file name added to the Parsers.ini
file, will allow you to view and/or capture information
about the new protocol and therefore detect any problems
or bugs that it may have while being used with the
custom network application.
The Netmon\Captures folder is used for storing capture
filters that have been created for use with Network
Monitor. Copying the .dll file to the Netmon\Captures
folder is not one of the steps necessary to enable
you to use the Network Monitor to analyze the new protocol.
Adding the .dll's file name to the System.ini file
is not one of the steps necessary to enable you to
use the Network Monitor to analyze the new protocol.
Objective 4: "Installing, Configuring, Managing,
Monitoring, and Troubleshooting Network Protocols in
a Windows 2000 Network Infrastructure"
4. The network you administer has several Windows 2000 Server machines,
a legacy UNIX server, and a group of Windows 2000 Professional machines.
DHCP is not running on the network. One of the Windows 2000 Server
machines is configured as a DNS Server. Users on the network are reporting
an inability to access resources on the UNIX server using its host
name. Using ping and tracert you are unable to reach the UNIX server
by its host name. However, you are able to reach it using its IP address,
as well as resolve its host name from its IP address.
What should you do to enable users to access resources
on the UNIX server using its host name?
A. Create a pointer (PTR) resource record for the
UNIX server.
B. Reboot the DNS server.
C. Create an address (A), or host, resource record for the UNIX server.
D. Create a standard secondary zone on the UNIX server.
Answer: C
An address (A), or host, resource record maps a host
name to its IP address. The users on your network are
unable to access the UNIX server using its host name,
and using the ping and tracert tools with the UNIX
server's host name has failed as well. It follows that
there must not be a host (A) resource record for the
UNIX server. The solution is to create one manually
since the UNIX server does not support dynamic updates.
A pointer (PTR) resource record maps an IP address
to its host name. Since you were able to resolve the
UNIX server's host name from its IP address, there
must be pointer (PTR) resource records for the UNIX
server.
Rebooting the DNS server would not enable users to
access the resources on the UNIX server using its host
name.
Creating a standard secondary zone on the UNIX server
would not accomplish your goal in this scenario.
Objective 1: "Installing, Configuring, Managing,
Monitoring, and Troubleshooting DNS in a Windows 2000
Network Infrastructure"
5. You administer a network in which several users
work from home and require access to the network. Therefore,
you install the Routing and Remote Access Service (RRAS)
onto a Windows 2000 server. The remote policies for
your network have all been configured to use Microsoft
Challenge Handshake Authentication Protocol version
1 (MS-CHAP v1) or MS-CHAP v2 for authentication.
After some time, you decide to upgrade the security
by modifying the remote access policies so that they
require 40-bit encryption for all connections. A portion
of the remote users are using Windows NT Workstation
4.0 Service Pack 3 (SP3) computers. Some of these users
can no longer connect to the RRAS server.
Which of the following actions should enable these
users to connect to the RRAS server?
A. Configure the users to transmit passwords in plain
text.
B. Assign a short password to each of the remote users.
C. Establish VPNs for each of the remote users.
D. Configure the remote users to use PAP.
Answer: B
In order for the users to connect to the network,
you should assign each of the users a short password.
When you modified the remote access policies so that
they require 40-bit encryption, it is likely that you
inadvertently caused some of the users' passwords to
stop working. MS-CHAP v1 uses the user's password to
create a connection encryption key. When MS-CHAP v1
is configured to use 40-bit encryption, users' passwords
cannot use more than 14 characters. Therefore, assigning
shorter passwords for the users should enable them
to connect to the network.
Configuring the users to transmit passwords in plain
text, which is the same thing as configuring the users
to use PAP, would not enable them to connect to the
network.
In this scenario, establishing VPNs for the remote
users would make no difference in the users' ability
to connect to the network.
Objective 3: "Configuring, Managing, Monitoring,
and Troubleshooting Remote Access in a Windows 2000
Network Infrastructure"