You work as the network administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory domain named certifyme.com. All
servers on the certifyme.com network run Windows Server 2003 and some run
Windows 2000 Server and all client computers are laptop computers that run
Windows XP Professional.
At certifyme.com there are two Routing and Remote Access servers named
certifyme-SR02 and certifyme-SR05 respectively. The Routing and Remote
Access servers are configured to accept connection requests through VPN and
dial-up connections. The laptop client computers of the certifyme.com domain
currently make use of the MS-CHAP v2 protocol for authenticating to the network.
Leading the way in IT testing and certification tools, www.certifyme.com
- 9 -
A new certifyme.com written security policy requires centralized remote connection
authentications. The policy further states that all remote connections to the
certifyme.com corporate network authenticate using smart cards ensuring the data is
encrypted with L2TP with IPSec. 350-001 To this end you have received instruction from the
CIO to comply with the security policy. You thus need to plan a new design for both
VPN and dial-up connections.
What should you do?
A. An IAS server and VPN server must be added to the domain.
certifyme-SR02 and certifyme-SR05 and the new VPN server must be configured
to use the IAS server for authentication and make use of the EAP-TLS protocol for
authentication on the IAS server
B. An additional VPN server must be added to the domain.
certifyme-SR02 and certifyme-SR05 must be configured to use the new VPN
server for authentication and make use of the EAP-TLS protocol for authentication on the
VPN server.
C. An additional IAS server and VPN server must be added to the domain.
certifyme-SR02 and certifyme-SR05 and the new VPN server must be configured
to use the IAS server for authentication and make use of the MS-CHAP v2 protocol for
authentication on the IAS server. 640-802
D. An additional VPN server must be added to the domain.
certifyme-SR02 and certifyme-SR05 must be configured to use the new VPN
server for authentication and make use of the MS-CHAP v2 protocol for authentication
on the VPN server.
Answer: A
Explanation: In the scenario you are required to use smartcards authentication and
this will be achieved by adding the additional IAS server to the domain and
configuring your Routing and Remote Access Service servers to use the added IAS
server which should be configured to use EAP-TLS for authentication as this
protocol supports the use of smartcards.
Incorrect Answers:
B: The problem with this implementation is that the authentication will not be centralized
as the scenario state it is imperative authentication is centralized.
C: There is only one problem in this option and that's the use of MS-CHAP v2 as this
protocol does not support smartcard authentication.
D: The problem with this implementation is that the authentication will not be centralized
as the scenario state it is imperative authentication is centralized. VCP-310
Leading the way in IT testing and certification tools, www.certifyme.com
- 10 -
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment