Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Size: px
Start display at page:

Download "Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure"

Transcription

1 Question Number (ID) : 1 (jaamsp_mngnwi-088) You are the administrator for medium-sized network with many users who connect remotely. You have configured a server running Microsoft Windows Server 2003, Enterprise Edition with Routing and Remote Access. The remote users are all members of a global security group named "Remote," and you have configured a policy to allow this group VPN access after hours and on weekends. All of the remote users have been given laptop computers running a mix of Windows XP Professional and Windows 98 Second Edition. To enhance security, you have configured the server to only accept L2TP connections with data encryption. Some of the remote users are reporting that they cannot connect to the server, and receive the message "Error 678: The remote computer did not respond." What should you do to allow all the users to connect? 1. Configure the server to accept PPTP connections, and configure a sufficient number of PPTP ports. <Correct> 2. Verify that all the laptop computers are configured to use L2TP. 3. Configure the server to allow connections during all hours. 4. Install the Remote Desktop Client on all of the computers running Windows 98 Second Edition. Windows 98 Second Edition does not by default support the use of L2TP. You must configure the server to accept PPTP connections, install the latest client from Microsoft, or upgrade the laptop computers. The laptop computers that are running Windows 98 will not be able to use L2TP. The connection times are not the problem indicated by the error message. Connections attempted during restricted times receive "Error 649: The account does not have permission to dial in." Installing the Remote Desktop Client software will not permit the users to connect. The Remote Desktop Client uses RDP (Remote Desktop Protocol) to connect to a server running Terminal Services. Troubleshoot client access to remote access services. - Diagnose and resolve issues related to remote access VPNs. Virtual Private Networking Virtual private networking clients docs/datacenter/sag_rass_clients_vpn.asp

2 Question Number (ID) : 2 (jaamsp_mngnwi-082) Jim is the administrator for a medium sized network consisting of 13 servers running Microsoft Windows Server 2003, Standard Edition, and 400 computers running Microsoft Windows XP Professional. His network is connected to the Internet through a T1 line coming in through a hardware firewall. He would like to configure a DMZ (Demilitarized Zone), with one of the servers acting as the internal firewall, to host various Internet services. He has installed a second network card on the server, and has renamed the connections "Inside" and "Outside." He has attached the "Outside" connection to a switch that connects to the firewall and the "Inside" connection to the LAN switch. He would like to allow into the LAN only traffic that originates from the DMZ servers configured with proxy services and services. How should Jim configure his connections? 1. Configure the "Outside" connection's Inbound Filters to allow any packets from the proxy/ server. <Correct> 2. Configure the "Outside" connection's Inbound Filters to disallow any packets from the proxy/ server. 3. Configure the "Inside" connection's Inbound Filters to allow any packets from the proxy/ server. 4. Configure the "Inside" connection's Inbound Filters to disallow any packets from the proxy/ server. Configuring the Input Filter on the "Outside" connection to allow all packets from the proxy/ server will allow only traffic from the DMZ originating from the proxy/ server. Configuring the Input Filters on the "Inside" connection will not have any effect. No packets from the proxy/ server will be coming into this port. Disallowing this traffic will block access to the proxy/ server. Configuring the Input Filters on the "Inside" connection will not have any effect. No packets from the proxy/ server will be coming into this port. Manage TCP/IP routing. - Manage routing ports. TCP/IP Port Filtering docs/server/wsa_hmws_pfabout.asp

3 Question Number (ID) : 3 (ebcmsp_mngnwi-028) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. You have configured one of your servers to accept inbound remote VPN connections. You only want to allow members of the sales department to be able to connect to the corporate network through the VPN server. The sales department has its own OU that contains all of the sales users and computers. All of the Sales users are members of the Sales global group. You have removed the default Remote Access Policy. From the list on the right, select the tasks that would allow you to provide this solution in the most efficient way. Place your selections in the list on the left by clicking the items in the list on the right and clicking the arrow button. You may not need to use all of the items from the list on the right. To provide this solution, you must allow only the members of the Sales group to dial in. You use a Routing and Remote Access Policy to control which users can connect to the VPN server and the settings that apply to each connection. A RRAS policy must be created on the VPN server, or if RADIUS is being used, then on the IAS server. The RRAS Policy should only allow access if the user is a member of the Sales global group. Once the default RRAS Policy has been replaced with the new policy, the dial-in property sheet of users in the Sales group must be set to control remote access through a Remote Access Policy. If the dial-in properties of users in the Sales group were set to allow access, they would not be allowed access because the default policy is not being used. A GPO cannot be used to configure the dial-in settings on the property sheet of a user. Configure Routing and Remote Access user authentication. - Configure Routing and Remote Access policies to permit or deny access. Introduction to Remote Access Policies docs/entserver/sag_rap_intro.asp

4 Question Number (ID) : 4 (jaamsp_mngnwi-094) Kyle is the administrator for a large network. He is setting up network connectivity between a new location and the company headquarters across the Internet using demand-dial routing. He has a server in each location running Microsoft Windows Server 2003, Enterprise Edition with Routing and Remote Access configured. He created a Demand-dial interface on the server in the new location, which will not connect to the server at the headquarters location. Kyle received an error message stating "Access was denied because the username and/or password was invalid on the domain." What are the first steps Kyle should take to resolve this problem? 1. Verify that the user account used by the Demand-dial interface has permissions to dial in. 2. Verify that the credentials used by the Demand-dial interface are correct. <Correct> 3. Verify the VPN protocol used on both servers. 4. Check the authentication protocol settings on both servers. 5. Check the data encryption settings on both routers. 6. Verify that the username used by the Demand-dial interface is correct. The error message indicates the issue concerns the user account credentials (both username and password) used for authenticating the Demand-dial connection. A lack of dial-in permissions does not produce the given error message. Authentication protocols are not indicated by the error message. Both the username and the password should be checked. Data encryption is indicated by the error message. The VPN protocols are not indicated by the error message. Troubleshoot Routing and Remote Access routing. - Troubleshoot demand-dial routing. Deployment Overviews and Guidelines Virtual Private Networking with Windows 2000: Deploying Remote Access VPNs vpndeply.asp

5 Question Number (ID) : 5 (jaamsp_mngnwi-081) You are the administrator of a medium-sized network. You have configured one server that is running Microsoft Windows Server 2003, Enterprise Edition with Routing and Remote Access to connect to the Internet. Your office has a primary Internet connection through a fractional T1 line, and a secondary Internet connection through an ISDN line. You have configured a Demand-dial connection for the ISDN connection, but want to ensure that it is only used if the T1 line should go down. How should you configure the ports to use the ISDN only when the T1 line fails? 1. Configure the ISDN Demand-dial connection with a lower metric than the T1 connection. 2. Configure the ISDN Demand-dial connection with a higher metric than the T1 connection. <Correct> 3. Configure the ISDN Demand-dial connection with the same metric as the T1 connection. 4. Configure the T1 Demand-dial connection with a higher metric than the ISDN connection. Configuring the Demand-dial ISDN connection with a higher metric than the T1 connection will send traffic through the T1 connection unless this connection is unavailable. Configuring the ISDN connection with a lower metric than the T1 will make the ISDN the preferred connection, and will send all traffic through the ISND unless the ISDN connection is not available. Configuring both connections with the same metric would send traffic through both connections in a round-robin sequence. Configuring the T1 connection with a higher metric than the ISDN will make the ISDN the preferred connection, and send all traffic through the ISND unless the ISDN connection is not available. Manage TCP/IP routing. - Manage routing ports. Understanding Unicast Routing IP routing protocols docs/entserver/sag_rras-ch2-adv_4.asp

6 Question Number (ID) : 6 (ebcmsp_mngnwi-031) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. You have recently implemented numerous IP subnets. You have connected the subnets with routers. The routers are servers running Windows Server 2003 with Routing and Remote Access enabled. The client computers on each subnet are configured with the proper IP settings. The client computers can communicate with other computers that are connected to the same router. However, client computers that are two or more hops away cannot be connected to. In the following exhibit, click the routing protocol that can be used to help resolve this problem in the easiest way. The problem in this question is that client computers two or more hops away cannot be communicated with. This is because the remote routers do not know how to get a packet back to the originating host. To resolve this, each of the routing tables must have entries made that will allow a packet to be sent to a network two or more hops away. You can sit at each router and statically enter the appropriate entries or implement the Routing Information Protocol (RIP). RIP is used to dynamically update routing tables. After all of the routers have RIP installed and an interface has been added to RIP, the routing tables will automatically be updated by the other routers, which in turn will allow the client computers to communicate. Manage remote access. - Manage routing protocols. Manage Routing Protocols docs/entserver/mpr_node23.asp

7 Question Number (ID) : 7 (jaamsp_mngnwi-087) Mike is the administrator for a medium-sized network. His company has recently merged with a rival company, and Mike must configure network connectivity between the two networks. His original network uses public IP addresses in the /24 address range, with 15 servers running Microsoft Windows Server 2003, Enterprise Edition, and 150 computers running a mix of Microsoft Windows XP Professional, Microsoft Windows 2000 Professional, and Microsoft Windows 98 Second Edition. The network he must connect to uses private IP addresses in the /24 range and has eight servers running Microsoft Windows Server 2003, Standard Edition, with 100 computers running Microsoft Windows XP Professional. Each network currently has a separate Active Directory forest, and there are plans to merge the forests within the next six months. He would like to securely connect these networks across the Internet. What would be the most secure way for Mike to secure the WAN connection? 1. Each connection should use PPTP. 2. Each connection should use IPSec in with certificate authentication. 3. Each connection should use L2TP with the default Kerberos authentication. 4. Each connection should use L2TP with pre-shared key authentication. <Correct> Since one of the networks uses private IP addresses, the connection must provide protocol encapsulation. L2TP should be used in this situation, because it has stronger encryption than PPTP. Since each network has its own Active Directory forest, the default authentication type, Kerberos, cannot be used. Certificate or pre-shared key authentication must be used in this situation. Since one of the networks uses private IP addresses, protocol encapsulation must be provided, which IPSec does not support. PPTP is less secure than L2TP. Since each network has its own Active Directory forest, the default authentication type, Kerberos, cannot be used. Certificate or shared key authentication must be used in this situation. Provide secure access between private networks. Planning for Router-to-Router VPNs Router-to-router VPN design considerations docs/server/sag_rras-ch3_09b.asp

8 Question Number (ID) : 8 (wmpmsp_mngnwi-080) You are an administrator for an organization that has a network with a server running Microsoft Windows Server 2003 and 200 client computers running Windows 2000 Professional. According to the organizational networking plan, 25 mobile computer users will need remote access to the network. All of the mobile client computers are running Windows 2000 Professional. You configure the server to run the Routing and Remote Access service. What should you do to configure the remote access server to use IAS for authentication? 1. On the General tab, select the check box to Enable this computer as a router. 2. On the Security tab, select Windows Authentication from the drop-down list under Authentication provider. Then click the Configure button to configure the IP address of a Windows Authentication server. 3. On the Security tab, select RADIUS Authentication from the drop-down list under Authentication provider. Then click the Configure button to configure the IP address of a RADIUS server. <Correct> 4. On the Security tab, select Windows Accounting from the drop-down list under Accounting provider. Then click the Configure button to configure the IP address of a Windows Accounting server. To configure the remote access server to use Internet Authentication Service (IAS) for authentication, you should go to the Security tab and select RADIUS Authentication from the drop-down list under Authentication provider. Then you should click the Configure button to configure the IP address of a RADIUS server to use. You should not select the Windows Authentication option. Doing so will prevent you from using IAS for authentication. Whether or not you select the Windows Accounting option does not affect the type of authentication used. If you want to use IAS for accounting, you should select the RADIUS accounting option. If you enable the computer as a router from the General tab, this does not affect the type of authentication used. You should have the Remote Access server option selected on the General tab to be able to use IAS for authentication. Configure Routing and Remote Access user authentication. - Configure Internet Authentication Services (IAS) to provide authentication for Routing and Remote Access clients. Internet Authentication Service

9 Question Number (ID) : 9 (ebcmsp_mngnwi-041) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. You have recently opened a branch office. The network now consists of corporate headquarters and the branch office. You want to connect the branch office with the corporate headquarters using computers running Windows Server Both locations have a T1 connection to the Internet. You configure Routing and Remote Access on a server at each location to allow L2TP connections. However, the client computers at the branch office cannot connect to the computers at corporate headquarters. To begin the troubleshooting process, you have decided to disable Routing and Remote Access on each server and then begin by reconfiguring each server. From the list on the right, select the steps that are necessary to allow the branch office computers to connect to the corporate headquarters computers. Place your selections in the list on the left by clicking the items in the list on the right and clicking the arrow button. You may not need to use all of the items from the list on the right. The steps that are necessary to allow the client computers at the branch office to connect to computers at corporate headquarters are: 1) Configure a server at corporate headquarters to receive L2TP connections. This is accomplished by configuring RRAS to allow VPN connections that use L2TP. 2) Configure a server at the branch office to initiate an L2TP connection to the VPN server at corporate headquarters. This can be done in the Network Connections application. 3) Finally, initiate the connection at the branch office by attempting to send a packet to a computer at corporate headquarters. Since the connections are going from the branch office to corporate headquarters, you do not need to configure a server at the branch office to receive L2TP connections. If the corporate headquarters computers needed to connect to branch office clients, then this would be necessary. That is also the reason that a connection does not need to be created to initiate an L2TP session from corporate headquarters to the branch office. Troubleshoot Routing and Remote Access routing. - Troubleshoot router-to-router VPNs. Deploying router-to-router VPNs docs/entserver/sag_rras-ch3_09.asp

10 Question Number (ID) : 10 (ebcmsp_mngnwi-039) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. You have configured one of your servers to accept inbound VPN connections. The remote VPN client computers can connect to the VPN server but cannot access any resources beyond the VPN server. The corporate LAN is a single subnet that uses Layer 2 switches to connect the client computers. In the exhibit below, click on the area of the dialog box that will allow you to provide a solution to the problem. In this scenario, remote users can use a VPN connection to access resources on the local network. The problem in this question is that the users cannot access any resources that sit behind the VPN server. To allow remote clients to access resources behind the VPN server, you must enable IP routing on the IP property sheet located in the properties of the RRAS server. With this option not selected, remote users can access resources only on the VPN server. With this option enabled, remote clients can access resources behind the VPN server. Troubleshoot client access to remote access services. - Diagnose and resolve client access to resources beyond the remote access server. Remote Access VPN Deployment docs/entserver/sag_vpn_us08.asp

11 Question Number (ID) : 11 (wmpmsp_mngnwi-104) You are an administrator for an organization that has Routing and Remote Access (RRAS) configured as a router on the corporate network. The calling router successfully makes a connection to the answering router on another network. Users complain that they cannot connect to hosts on the remote network. From the list on the right, select the possible causes of the problem. Place your selections in the list on the left by clicking on the items in the list on the right and clicking on the arrow button. You may not need to use all of the items from the list on the right. The appropriate demand-dial interface must be added to the protocol being routed. If the user name of the credentials for the calling router does not match the name of a demand-dial interface on the answering router, the answering router will not be able to determine whether the call is coming from a router or remote access client. Static routes must be configured on the user account of the calling router. Packet filters configured for the policy of the remote access connection can prevent the proper flow of TCP/IP data on the demand-dial connection. If the demand-dial interface were disabled, the connection to the answering router could not be established. If dial-out hours and demand-dial filtering were not configured properly, the connection to the answering router could not be established. Troubleshoot Routing and Remote Access routing. - Troubleshoot demand-dial routing. Routing and Remote Access Troubleshooting demand-dial routing

12 Question Number (ID) : 12 (wmpmsp_mngnwi-087) You are the administrator for an organization that has a medium-sized network infrastructure of 25 interconnected network segments, both local and remote. You need to periodically manage the routing tables and routing protocols to ensure that any added or deleted network segments are included or removed from the routing tables of the organization's routers to ensure continued operation of the network. Network segments are added and deleted often. You recently notice a decrease in performance connecting to remote network segments. Which task should you perform to determine the cause of the problem? 1. Examine the static routing tables. 2. Run the pathping command. <Correct> 3. Change the maximum hop count threshold on the RIP protocol. 4. Check the values of the default gateways assigned in the static routing tables. The pathping command is used to determine where loss and latency is occurring on an internetwork. The pathping command sends Internet Control Message Protocol (ICMP) Echo Requests to each router between a local and remote host over a period. The statistics are calculated to determine where an internetwork bottleneck might be occurring. The Routing Information Protocol (RIP) has the feature of a maximum hop count setting. This almost completely prevents routing loops from occurring. It cannot be used to detect problems, but it can be used to improve performance. Examining the static routing tables will take more time than running the pathping command and may not readily help you determine the cause of the problem. Checking the values of the default gateways in the static routing tables may not readily help you determine the cause of the problem. You will need to analyze the static routing tables in detail, which may take a lot of time. Manage TCP/IP routing. - Manage routing protocols. Routing and Remote Access Managing routing from the command line Routing and Remote Access The RIP-for-IP environment

13 Question Number (ID) : 13 (jaamsp_mngnwi-076) Eric is the administrator for a growing travel agency. He currently has two servers running Routing and Remote Access services on Microsoft Windows Server 2003, Standard Edition, for VPN connectivity to telecommuters. All of the servers are configured with the same remote access policy. He has recently created two policies on each of the servers to reflect changes in his company's security policy. The "Telecommuters" policy allows users who are members of the Telecommute group to gain access, and the "Deny All" policy restricts anyone else from connecting. Since implementing these policies, none of the members of the Telecommute group have been able to use the VPN. In the following graphic, click the area that is preventing the telecommuters from connecting. Remote access policies are applied in order, from top to bottom. The first policy that matches the criteria of the incoming connection is applied. Since the "Deny All" policy will be checked before the "Telecommuters" policy, the "Deny All" policy will match with the connection criteria and be applied, denying access. Changing the order to have the "Telecommuters" higher in the order will match the criteria of the policy if the user connecting is a member of the Telecommute group. If the user connecting is not a part of the Telecommute group, then the policy will not be applied and the next policy will be checked, denying the user access. The first policy listed is the default policy, which is meant to deny access from other Microsoft Remote Access servers to lock down server-to-server connections by default. This policy will not affect client connections, as they do not match the criteria listed. Configure Routing and Remote Access user authentication. - Configure Routing and Remote Access policies to permit or deny access. Remote Access Policies Introduction to remote access policies docs/server/sag_rap_intro.asp

14 Question Number (ID) : 14 (wmpmsp_mngnwi-083) You are the administrator for an organization that uses multiple computers configured as routers running Microsoft Windows Server The requirements for the organization change, and you need to make changes to the routing interfaces. How can you set up one of the routers to have a point-to-point persistent connection to a remote router? (Choose all that apply.) 1. Right-click Network Interfaces, and then click New Demand-dial Interface. Complete the steps in the Demand Dial Interface Wizard. <Correct> 2. From the IP tab of the server properties, select the Allow IP-based remote access and demand-dial connections check box. <Correct> 3. Right-click the Remote Router interface, and then click Properties. From the Options tab, select the Persistent connection radio button. <Correct> 4. From the IP tab of the server properties, select the Enable broadcast name resolution check box. 5. From the PPP tab of the server properties, select the Multilink connections check box. 6. From the PPP tab of the server properties, select the Link control protocol (LCP) extensions check box. If you want a point-to-point persistent connection to a remote router, you should set up a demand-dial interface. A demand-dial interface is a logical interface for a point-to-point connection. Demand-dial connections can be persistent, which means the connection stays in a connected state after it is established. To establish this type of connection on a Routing and Remote Access server running Windows Server 2003, you should select the Allow IP-based remote access and demand-dial connections check box from the IP tab of the server properties. You then configure the remote router interface by right-clicking Network Interfaces, and then clicking New Demand-dial Interface. Complete the steps in the Demand Dial Interface Wizard. To configure the router interface to have a persistent connection, right-click the Remote Router interface, and then click Properties. From the Options tab, select the Persistent connection radio button. Other remote router options can be configured using the General, Security, or Networking tabs. After you have configured routing interfaces, you can view their configurations by clicking Network Interfaces in Routing and Remote Access. Selecting the Enable broadcast name resolution check box does not configure a point-to-point router connection. Selecting the Multilink connections check box does not configure a point-to-point router connection. Selecting the Link control protocol (LCP) extensions check box does not configure a point-to-point router connection. Manage remote access. - Manage Routing and Remote Access routing interfaces. Manage Routing Interfaces Add a demand-dial Interface

15 Question Number (ID) : 15 (wmpmsp_mngnwi-100) You are an administrator for an organization that has servers running Microsoft Windows Server Users on the network have not reported any problems with local network connectivity. All remote access client computers are running Microsoft Windows 2000 Professional or above. The RAS server is denying access to one of the remote access client computers. You confirm that the remote access client computers and the VPN server are configured to use the same authentication protocols. What could be the cause of the problem? (Choose all that apply.) 1. The client computer is using the wrong operating system. 2. The RAS server is configured to deny access to the user on this client computer. <Correct> 3. A remote access policy has not been established. 4. The user is entering the wrong username and password. <Correct> 5. The RAS server is not started. If only one of the remote access client computers is being denied access to the remote access server, the problem is most likely with the configuration of this particular client computer. If the wrong username and password are being entered, the remote access server will deny access. If the remote access policy for this remote access server is configured to deny access to the user attempting to log in, or if the user account settings on the server are configured to deny access, this particular remote access client computer will not be able to log in. If the remote access server were not started, none of the client computers would be able to log in. The client computers are using operating systems that are compatible with being able to log in to the remote access server. Not having a remote access policy would not prevent a single client computer from making a remote access connection. Troubleshoot client access to remote access services. - Diagnose and resolve issues related to establishing a remote access connection. Troubleshooting Remote Access

16 Question Number (ID) : 16 (ebcmsp_mngnwi-037) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. You have a remote access infrastructure in place that allows your remote users to connect to the corporate LAN to retrieve their . The client computers and the VPN server are configured to use PPTP. You recently deployed a firewall to protect the network. The graphic exhibit below shows the network configuration. Now the remote client computers can no longer connect to the VPN server. From the list on the right, select the steps that are necessary to allow the remote client computers to connect to LAN2. Place your selections in the list on the left by clicking the items in the list on the right and clicking the arrow button. You may not need to use all of the items from the list on the right. VPN connections use TCP ports 1723 and 47. TCP port 500 is used for IPSec. TCP port 80 is used by Web servers. TCP port 8080 is the port that Microsoft ISA server uses to listen for client requests. Troubleshoot client access to remote access services. - Diagnose and resolve issues related to remote access VPNs. Expanding and Securing Remote Access Clients /deploy/netdepl/ndgch06.asp

17 Question Number (ID) : 17 (wmpmsp_mngnwi-094) You are the administrator for the Human Resources (HR) department of your organization. Some members of the HR department connect to the local LAN using a virtual private network (VPN) with a high-bandwidth connection. You need to implement the highest level of security for all corporate financial transactions. All of the servers on your network are running Microsoft Windows Server All of the workstation computers are running Microsoft Windows 2000 Professional. Active Directory directory service and a certificate infrastructure are implemented on the network. Which authentication method should you implement for the highest security? 1. MS-CHAP v2 2. EAP-TLS <Correct> 3. IPSec 4. PPTP Extensible Authentication Protocol-Transport Level Security (EAP-TLS) provides the most robust form of authentication when used over a VPN. Internet Protocol Security (IPSec) is a security protocol not directly used for authentication, but instead it is used to secure data transmissions. Point-to-Point Tunneling Protocol (PPTP) is a protocol that supports VPNs, allowing remote users to access network securely across the Internet. PPTP encapsulates data inside IP packets. It is not used for authentication. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) v2 is an authentication protocol, but it is not used in conjunction with smart cards or certificates. Provide secure access between private networks. Network Connections Enhanced security through VPN

18 Question Number (ID) : 18 (ebcmsp_mngnwi-036) You are the network administrator for your company's Active Directory network. The name of the domain is contoso.com. The servers in your organization are running Microsoft Windows Server The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. Your company has two separate locations, each configured as an Active Directory site. Domain controllers for contoso.com are configured at each site. At each location, a server running Windows Server 2003 is configured to allow inbound connections using a VPN. You are concerned about the security of data that being is transferred between the two locations. You want to implement the highest level of security when data is transferred between the locations. You do not want to affect the performance of client machines at each location. The graphic exhibit shows the network. From the list on the right, select the steps to configure the security settings that are necessary to provide a solution. Place the selection in the list on the left under the appropriate node by clicking the item from the list on the right, clicking the appropriate node, and then clicking the arrow button. You may use the items from the list on the right more than once, and you do not have to use each item from the list. To provide this solution, you must enable IPSec Policies on the VPN servers and specify that they will operate in a tunnel. When you specify a tunnel endpoint, all traffic between the two VPN servers will be encrypted. Clients will communicate normally inside of each site, but, when data is destined for the remote site, the VPN servers will apply and remove IPSec, thereby ensuring the highest level of security without affecting the performance of the client computers. At VPNSRV1 the endpoint for the Tunnel Mode IPSec policy will be At VPNSRV2 the endpoint for the Tunnel Mode IPSec policy will be Provide secure access between private networks. Security Information for VPN docs/entserver/sag_vpn_ovr_security.asp

19 Question Number (ID) : 19 (wmpmsp_mngnwi-098) You are an administrator for an organization that has servers running Microsoft Windows Server Users on the network have not reported any problems with local network connectivity. Some remote client computers cannot make connections to a Routing and Remote Access (RRAS) VPN server. You need to determine if the problem exists with the RRAS VPN server, and if so, correct it. You confirm that the RRAS server is started. You confirm that the remote access clients and the VPN server are configured to use the same authentication protocols. You check the user accounts and the VPN server's remote access policy, and verify that the remote access client computers should be able to log on any time. What is the most likely cause of the problem? 1. Not enough ports are configured for the remote access client computers. <Correct> 2. The VPN server is using L2TP and the remote access client computers are using PPTP. 3. The VPN server has the wrong value set for the time. 4. The VPN server is using PPTP and the remote access client computers are using L2TP. If you have not configured enough ports for remote access client computers to connect to the VPN server, any attempts to connect will be rejected. For example, if your RRAS VPN configuration is set up to allow 35 concurrent VPN connections, and all 35 connections have already been established, no further client connection attempts will be accepted until one of the current connections is released. This scenario indicates that the remote access client computers and the VPN server are configured to use the same authentication protocols. This could be PPTP or L2TP or both. This means that if the VPN server is using PPTP, the remote access client computers are also using PPTP. If the VPN server is using L2TP for its authentication protocol, the remote access client computers are also using L2TP. Otherwise, the remote connections would not be established. If the VPN server has the wrong value set for the time, this would not have any effect on client computers being able to log in, because the policy is set up to allow logins any time. Troubleshoot client access to remote access services. - Diagnose and resolve issues related to remote access VPNs. Troubleshooting remote access VPNs

20 Question Number (ID) : 20 (wmpmsp_mngnwi-103) You are an administrator for an organization that has Routing and Remote Access (RRAS) configured as a router on the corporate network. Users complain that they cannot connect to hosts on a remote network. Refer to the graphic exhibit below. What is the most likely cause of the problem? 1. Static routes are configured incorrectly. 2. IP routing is not enabled. <Correct> 3. The demand-dial interface is disabled. 4. Broadcast name resolution is enabled. For routing to work properly on the corporate network, you should select the Enable IP routing check box on the IP tab of the RRAS server properties. Failure to do so will cause routing not to work. Based on the graphic, you cannot conclude whether or not static routes are configured correctly. If the static routes are not configured properly, this would cause problems in communicating on the network. In this case, the demand-dial interface is enabled, so this is not the cause of the problem. The enabling of broadcast name resolution does not have an effect on the network communication. Troubleshoot Routing and Remote Access routing. - Troubleshoot demand-dial routing. Routing and Remote Access Troubleshooting demand-dial routing

21 Question Number (ID) : 21 (jaamsp_mngnwi-096) Joan is the administrator for a medium-sized network with five locations. In each location, she has configured a server running Microsoft Windows Server 2003, Standard Edition with Routing and Remote Access and created demand-dial connections as displayed in the graphic exhibit. Each location can connect to its directly connected neighbor networks, but cannot connect to any other networks. What can Joan do to allow all networks to connect to each other? (Select all that apply.) 1. Create VPN connections on each server to all networks not currently connected to. 2. Configure IGMP to use the Demand-dial interfaces on all servers. 3. Configure RIPv2 to use the Demand-dial interfaces on all servers. <Correct> 4. Configure OSPF to use the Demand-dial interfaces on all servers. <Correct> 5. Configure NAT to use the Demand-dial interfaces on all servers. 6. Create static routes on each server to every other network through the Demand-dial interfaces. <Correct> Routes must be created to all remote networks to enable full connectivity. Either static routes can be configured, or a dynamic routing protocol, such as RIPv2 (Router Information Protocol version 2) or OSPF (Open Shortest Path First), can be used. VPN connections would not allow the networks to fully connect, just the servers on which the VPNs were configured. IGMP (Internet Group Management Protocol) is not a routing protocol, and would not enable network connectivity. NAT (Network Address Translation) is not a routing protocol, and would not enable network connectivity. Troubleshoot Routing and Remote Access routing. - Troubleshoot router-to-router VPNs. Deployment Overviews and Guidelines Virtual Private Networking with Windows 2000: Deploying Remote Access VPNs vpndeply.asp

22 Question Number (ID) : 22 (jaamsp_mngnwi-077) Joe is the administrator of a large network. He supports a number of telecommuters who access the network through Multilink over dial-up lines. These users have recently been provided with broadband Internet access. These users are using their own computers, which run a mix of Microsoft Windows XP Professional, Microsoft Windows 2000 Professional, and Microsoft Windows 98 Second Edition. Joe would like to use a single VPN protocol for all of these connections to reduce administration. What VPN protocol should Joe configure on the telecommuters' home computers? 1. L2TP 2. PPP 3. PPTP <Correct> 4. PPPoE PPTP (Point to Point Tunneling Protocol) is the only VPN protocol compatible with all of the operating systems running on the telecommuters' computers. L2TP (Layer 2 Tunneling Protocol) is not supported on Microsoft Windows 98 Second Edition. PPPoE (Point to Point Protocol over Ethernet) is not supported on Microsoft Windows 98 Second Edition. While PPP (Point to Point Protocol) is used by many VPN protocols, the Microsoft Windows implementation is used for dial-up networking, not VPNs. Manage remote access. - Manage Routing and Remote Access clients. Understanding Unicast Routing IP routing protocols docs/entserver/sag_rras-ch2-adv_4.asp

23 Question Number (ID) : 23 (ebcmsp_mngnwi-038) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. You have configured Routing and Remote Access on one of your servers to allow remote users to access the corporate network through a VPN. You have removed all default Remote Access policies and created a new Remote Access policy that allows only members of the sales global group to connect. The user, who is named test, cannot connect to the VPN server. You have verified that test is a member of the sales group. The other users in the sales group can connect successfully. In the exhibit below, click on the area of the graphic that will allow you to resolve the problem with the test user. The default remote access policy, which has been removed, allows access if the properties of the user account are set to allow access. Since the default policy is removed and you have created a new policy that allows users to connect if they are members of the sales global group, the properties of the user accounts must be set to control access through Remote Access Policy. Since all of the other users in the sales global group can connect, their user accounts are already set to control access through the policy. To allow the test user to connect, set the Remote Access Permission to control access through Remote Access Policy. Troubleshoot client access to remote access services. - Diagnose and resolve issues related to establishing a remote access connection. Expanding and Securing Remote Access Clients /deploy/netdepl/ndgch06.asp

24 Question Number (ID) : 24 (ebcmsp_mngnwi-029) You are the network administrator for your company's Active Directory network. The servers in your organization are running Microsoft Windows Server The client computers are running Microsoft Windows XP Professional and Microsoft Windows 2000 Professional. You have been monitoring network traffic and have noticed that users are using a chat program that runs on TCP Port You do not want the users to be able to use this program with other hosts on the Internet. The users should still be able to use this program on the LAN, and all other traffic should be allowed to the Internet. The exhibit below shows a diagram of the network. From the list on the right, select a filter that will allow you to accomplish this goal. Place the selection in the list on the left under the appropriate node by clicking the item from the list on the right, clicking the appropriate node, and then clicking the arrow button. You may use the items from the list on the right more than once, and you do not have to use each item from the list. In this question, you are trying to block TCP port traffic from going to and coming from the Internet. You want to allow the internal users to be able to move data on that TCP port if they are communicating with other internal hosts. So, you want the router to forward those packets between Interfaces A and B but not on Interface C. In order to accomplish this goal, you must use packet filters on Interface C. You should create both an input and output filter allowing all traffic except for traffic on TCP port The default settings for an interface on a router are to allow all traffic. Filters are used when you want to control the traffic. If you denied all traffic except for TCP port 17001, you would only allow that port to be used. Manage remote access. - Manage packet filters. Manage Packet Filters docs/entserver/mpr_how_packetfilters.asp

25 Question Number (ID) : 25 (jaamsp_mngnwi-092) Bruce is the senior administrator for a medium-sized network. He recently configured remote access for the sales staff using Routing and Remote Access on a server running Microsoft Windows Server 2003, Enterprise Edition. The users have reported no problems connecting to the server or accessing resources, but they have complained that they are unable to browse the Internet when connected to the VPN. How can Bruce resolve this issue? 1. In the properties of the remote access server, uncheck "enable IP routing." 2. In the remote access console, configure IGMP. 3. On the sales staff computers, in the advanced properties of TCP/IP for the VPN connection, uncheck "Use default gateway on remote network." <Correct> 4. On the sales staff computers, in the properties of the VPN connection, choose "Automatically use my Windows logon name and password." Unchecking the "Use default gateway on remote network" option in the advanced properties of TCP/IP for the VPN connection will prevent the remote computers from routing traffic meant for the Internet through the VPN connection. Disabling IP routing on the remote access server will stop any connectivity outside of the remote access server's IP subnet. This will not allow users to browse the Internet while being connected to the VPN. Authentication is not a problem. IGMP (Internet Group Management Protocol) is used to notify routers when computers have joined a multi-cast group. Enabling this protocol will not allow users connected to the remote access server to browse the Internet while connected. Troubleshoot client access to remote access services. - Diagnose and resolve client access to resources beyond the remote access server. Deployment Overviews and Guidelines Virtual Private Networking with Windows 2000: Deploying Remote Access VPNs vpndeply.asp

26 Question Number (ID) : 26 (jaamsp_mngnwi-089) You are the administrator for large multi-sited network, with many users who would like to connect remotely. You have configured a server running Microsoft Windows Server 2003, Enterprise Edition with Routing and Remote Access. The remote users are all members of a global security group named "Remote-Users." and you have configured a policy to allow this group VPN access at all times. All of the remote users have been given laptop computers running a mix of Microsoft Windows XP Professional and Microsoft Windows 2000 Professional, but they may connect from their home computers as well. To enhance security, you have configured the server to only accept L2TP connections with strong data encryption. Many users report failed connections and that they received the message "Error 781: The connection requires a certificate and no valid certificate was found." What is the first step to resolve this issue? 1. Install the Remote Desktop Client on all of the laptop computers. 2. Verify that all the laptop computers are configured to use L2TP. 3. Configure the server to allow connections during all hours. 4. Verify that the connecting computers and the remote access server are members of the same Active Directory domain. <Correct> L2TP utilizes IPSec for encryption and computer authentication. IPSec by default uses Kerberos for authentication, requiring that the connecting computer and the server be members of the same Active Directory forest (Kerberos realm) and to have certificates issued by Active Directory. While this may be an eventual step, the error message indicates that L2TP is already configured on the laptop computers. The connection times are not the problem indicated by the error message. Connections attempted during restricted times receive "Error 649: The account does not have permission to dial in." Installing the Remote Desktop Client software will not permit the users to connect. The Remote Desktop Client uses RDP (Remote Desktop Protocol) to connect to a server running Terminal Services. Troubleshoot client access to remote access services. - Diagnose and resolve issues related to remote access VPNs. Virtual Private Networking Virtual private networking clients docs/datacenter/sag_rass_clients_vpn.asp

KB How to Configure IPSec Tunneling in Windows 2000

KB How to Configure IPSec Tunneling in Windows 2000 Page 1 of 5 Knowledge Base How to Configure IPSec Tunneling in Windows 2000 PSS ID Number: 252735 Article Last Modified on 3/17/2004 The information in this article applies to: Microsoft Windows 2000 Server

More information

How to Configure IPSec Tunneling in Windows 2000

How to Configure IPSec Tunneling in Windows 2000 Home Self Support Assisted Support Custom Support Worldwide Support How to Configure IPSec Tunneling in Windows 2000 The information in this article applies to: Article ID: Q252735 Last Reviewed: February

More information

L2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application

L2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application Table of Contents L2TP Configuration 1 L2TP Overview 1 Introduction 1 Typical L2TP Networking Application 1 Basic Concepts of L2TP 2 L2TP Tunneling Modes and Tunnel Establishment Process 4 L2TP Features

More information

INF204x Module 1, Lab 3 - Configure Windows 10 VPN

INF204x Module 1, Lab 3 - Configure Windows 10 VPN INF204x Module 1, Lab 3 - Configure Windows 10 VPN Estimated Time: 40 minutes Your organization plans to allow Windows 10 users to connect to the internal network by using the VPN client built into the

More information

Exam Questions Demo Microsoft. Exam Questions

Exam Questions Demo   Microsoft. Exam Questions Microsoft Exam Questions 70-413 Designing and Implementing a Server Infrastructure Version:Demo 1. Your network contains an Active Directory domain. All servers run Windows Server 2012 R2. The domain contains

More information

Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs) CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure

More information

TestsDumps. Latest Test Dumps for IT Exam Certification

TestsDumps.   Latest Test Dumps for IT Exam Certification TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : 70-350 Title : Implementing Microsoft Internet Security and Acceleration (ISA) Server 2004 Vendors : Microsoft Version

More information

Step-by-Step Configuration

Step-by-Step Configuration Step-by-Step Configuration Kerio Technologies C 2001-2004 Kerio Technologies. All Rights Reserved. Printing Date: April 25, 2004 This guide provides detailed description on configuration of the local network

More information

RX3041. User's Manual

RX3041. User's Manual RX3041 User's Manual Table of Contents 1 Introduction... 2 1.1 Features and Benefits... 3 1.2 Package Contents... 3 1.3 Finding Your Way Around... 4 1.4 System Requirements... 6 1.5 Installation Instruction...

More information

Wireless-G Router User s Guide

Wireless-G Router User s Guide Wireless-G Router User s Guide 1 Table of Contents Chapter 1: Introduction Installing Your Router System Requirements Installation Instructions Chapter 2: Preparing Your Network Preparing Your Network

More information

1100 Dexter Avenue N Seattle, WA NetMotion Mobility Architecture A Look Under the Hood

1100 Dexter Avenue N Seattle, WA NetMotion Mobility Architecture A Look Under the Hood TM 1100 Dexter Avenue N Seattle, WA 98109 206.691.5555 www.netmotionwireless.com NetMotion Mobility Architecture A Look Under the Hood NetMotion Mobility Architecture A Look Under the Hood Wireless networking

More information

LKR Port Broadband Router. User's Manual. Revision C

LKR Port Broadband Router. User's Manual. Revision C LKR-604 4-Port Broadband Router User's Manual Revision C 1 Contents 1 Introduction... 4 1.1 Features... 4 1.2 Package Contents... 4 1.3 Finding Your Way Around... 5 1.3.1 Front Panel... 5 1.3.2 Rear Panel

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT

More information

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ Q-Balancer Range FAQ The Q-Balance LB Series The Q-Balance Balance Series is designed for Small and medium enterprises (SMEs) to provide cost-effective solutions for link resilience and load balancing

More information

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

PASS4TEST. IT Certification Guaranteed, The Easy Way!  We offer free update service for one year PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : GSLC Title : GIAC Security Leadership Certification (GSLC) Vendors : GIAC

More information

SonicOS Release Notes

SonicOS Release Notes SonicOS Contents Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 4 Upgrading SonicOS Enhanced Image Procedures... 5 Related Technical Documentation... 10 Platform Compatibility The SonicOS

More information

Step-by-Step Configuration

Step-by-Step Configuration Step-by-Step Configuration Kerio Technologies C 2001-2006 Kerio Technologies. All Rights Reserved. Printing Date: May 3, 2006 This guide provides detailed description on configuration of the local network

More information

IP Routing & Bridging

IP Routing & Bridging CHAPTER 2 TCP/IP Routing: Ethernet Dialog Box To access this dialog box (Figure 2-1), select Ethernet/TCP/IP Routing from the Device View. Figure 2-1 TCP/IP Routing: Ethernet Configuration Dialog Box If

More information

Cisco Interconnecting Cisco Networking Devices Part 2

Cisco Interconnecting Cisco Networking Devices Part 2 Cisco 200-105 Interconnecting Cisco Networking Devices Part 2 R1# show running-config description ***Loopback*** ip address 192.168.1.1 255.255.255.255 Question: 374 description **Connected to R1-LAN**

More information

Manual Overview. This manual contains the following sections:

Manual Overview. This manual contains the following sections: Table of Contents Manual Overview This manual contains the following sections: Section 1 - Product Overview describes what is included with the DIR-130 router, and things to consider before installing

More information

COPYRIGHTED MATERIAL. Con t e n t s. Chapter 1 Introduction to Networking 1. Chapter 2 Overview of Networking Components 21.

COPYRIGHTED MATERIAL. Con t e n t s. Chapter 1 Introduction to Networking 1. Chapter 2 Overview of Networking Components 21. Con t e n t s Introduction xix Chapter 1 Introduction to Networking 1 Comparing Logical and Physical Networks.... 1 Networking Home Computers........................................... 2 Networking Small

More information

Cisco How Virtual Private Networks Work

Cisco How Virtual Private Networks Work Table of Contents How Virtual Private Networks Work...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 Background Information...1 What Makes a VPN?...2 Analogy:

More information

Monitoring Remote Access VPN Services

Monitoring Remote Access VPN Services CHAPTER 5 A remote access service (RAS) VPN secures connections for remote users, such as mobile users or telecommuters. RAS VPN monitoring provides all of the most important indicators of cluster, concentrator,

More information

Exam : Title : PRO: Windows Server 2008, Enterprise Administrator Ver :

Exam : Title : PRO: Windows Server 2008, Enterprise Administrator Ver : Exam : 070-647 Title : PRO: Windows Server 2008, Enterprise Administrator Ver : 06-26-2008 QUESTION 1 You are an enterprise administrator for Certkiller. The company has a head office in San Diego and

More information

Installing, Configuring and Administering ISA Server 2000, Enterprise Edition

Installing, Configuring and Administering ISA Server 2000, Enterprise Edition 070-227 70-227 Installing, Configuring and Administering ISA Server 2000, Enterprise Edition Version 1-1 - Important Note Please Read Carefully This product will provide you questions and answers along

More information

Step-by-Step Configuration

Step-by-Step Configuration Step-by-Step Configuration Kerio Technologies Kerio Technologies. All Rights Reserved. Release Date: March 16, 2007 This guide provides detailed description on configuration of the local network which

More information

GRE and DM VPNs. Understanding the GRE Modes Page CHAPTER

GRE and DM VPNs. Understanding the GRE Modes Page CHAPTER CHAPTER 23 You can configure Generic Routing Encapsulation (GRE) and Dynamic Multipoint (DM) VPNs that include GRE mode configurations. You can configure IPsec GRE VPNs for hub-and-spoke, point-to-point,

More information

Using the Terminal Services Gateway Lesson 10

Using the Terminal Services Gateway Lesson 10 Using the Terminal Services Gateway Lesson 10 Skills Matrix Technology Skill Objective Domain Objective # Deploying a TS Gateway Server Configure Terminal Services Gateway 2.2 Terminal Services (TS) Web

More information

CCENT Practice Certification Exam # 2 - CCNA Exploration: Accessing the WAN (Version 4.0)

CCENT Practice Certification Exam # 2 - CCNA Exploration: Accessing the WAN (Version 4.0) CCENT Practice Certification Exam # 2 - CCNA Exploration: Accessing the WAN (Version 4.0) 1. Data is being sent from a source PC to a destination server. Which three statements correctly describe the function

More information

Microsoft Microsoft TS: MS Internet Security & Acceleration Server 2006, Configuring. Practice Test. Version:

Microsoft Microsoft TS: MS Internet Security & Acceleration Server 2006, Configuring. Practice Test. Version: Microsoft 70-351 Microsoft 70-351 TS: MS Internet Security & Acceleration Server 2006, Configuring Practice Test Version: 2.2 QUESTION NO: 1 Your network consists of a single Active Directory domain named

More information

Remote Support Security Provider Integration: RADIUS Server

Remote Support Security Provider Integration: RADIUS Server Remote Support Security Provider Integration: RADIUS Server 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks

More information

Broadband Router DC-202. User's Guide

Broadband Router DC-202. User's Guide Broadband Router DC-202 User's Guide Table of Contents CHAPTER 1 INTRODUCTION... 1 Broadband Router Features... 1 Package Contents... 3 Physical Details...3 CHAPTER 2 INSTALLATION... 5 Requirements...

More information

Configuring PPP over Ethernet with NAT

Configuring PPP over Ethernet with NAT CHAPTER 3 The Cisco Secure Router 520 Ethernet-to-Ethernet routers support Point-to-Point Protocol over Ethernet (PPPoE) clients and network address translation (NAT). Multiple PCs can be connected to

More information

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Fundamentals of Windows Server 2008 Network and Applications Infrastructure COURSE OVERVIEW This five-day instructor-led course introduces students to network and applications infrastructure concepts and configurations provided by Window Server 2008. Students will be able to acquire

More information

Setting Up Windows 2K VPN Connection Through The Symantec Raptor Firewall Firewall

Setting Up Windows 2K VPN Connection Through The Symantec Raptor Firewall Firewall Setting Up Windows 2K VPN Connection Through The Symantec Raptor Firewall Firewall By: Loc Huynh Date: 24 March 2003 Table of Contents 1.0 Foreword...2 2.0 Setting VPN on VPN Server...2 3.0 Setting Symantec

More information

Yealink VCS Network Deployment Solution

Yealink VCS Network Deployment Solution Yealink VCS Network Deployment Solution Oct. 2015 V10.6 Yealink Network Deployment Solution Table of Contents Table of Contents... iii Network Requirements... 1 Bandwidth Requirements... 1 Calculating

More information

Virtual Private Networks.

Virtual Private Networks. Virtual Private Networks thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Virtual Private Networks VPN Basics Protocols (IPSec, PPTP, L2TP) Objectives of VPNs Earlier Companies

More information

CompTIA Network+ Study Guide Table of Contents

CompTIA Network+ Study Guide Table of Contents CompTIA Network+ Study Guide Table of Contents Course Introduction Table of Contents Getting Started About This Course About CompTIA Certifications Module 1 / Local Area Networks Module 1 / Unit 1 Topologies

More information

Secure Access Configuration Guide For Wireless Clients

Secure Access Configuration Guide For Wireless Clients ProCurve Networking Secure Access Configuration Guide For Wireless Clients Secure Access Configuration Guide For Wireless Clients Introduction... 2 Configuration Scenarios... 2 Required Network Services...

More information

UIP1869V User Interface Guide

UIP1869V User Interface Guide UIP1869V User Interface Guide (Firmware version 0.1.8 and later) Table of Contents Opening the UIP1869V's Configuration Utility... 3 Connecting to Your Broadband Modem... 5 Setting up with DHCP... 5 Updating

More information

CHAPTER 7 ADVANCED ADMINISTRATION PC

CHAPTER 7 ADVANCED ADMINISTRATION PC ii Table of Contents CHAPTER 1 INTRODUCTION... 1 Broadband ADSL Router Features... 1 Package Contents... 3 Physical Details... 4 CHAPTER 2 INSTALLATION... 6 Requirements... 6 Procedure... 6 CHAPTER 3 SETUP...

More information

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS) Course Outline Network+ Duration: 5 days (30 hours) Learning Objectives: Install and configure a network card Define the concepts of network layers Understand and implement the TCP/IP protocol Install

More information

LevelOne FBR User s Manual. 1W, 4L 10/100 Mbps ADSL Router. Ver

LevelOne FBR User s Manual. 1W, 4L 10/100 Mbps ADSL Router. Ver LevelOne FBR-1416 1W, 4L 10/100 Mbps ADSL Router User s Manual Ver 1.00-0510 Table of Contents CHAPTER 1 INTRODUCTION... 1 FBR-1416 Features... 1 Package Contents... 3 Physical Details... 3 CHAPTER 2

More information

IP806GA/GB Wireless ADSL Router

IP806GA/GB Wireless ADSL Router IP806GA/GB Wireless ADSL Router 802.11g/802.11b Wireless Access Point ADSL Modem NAT Router 4-Port Switching Hub User's Guide Table of Contents CHAPTER 1 INTRODUCTION... 1 Wireless ADSL Router Features...

More information

Identity Firewall. About the Identity Firewall

Identity Firewall. About the Identity Firewall This chapter describes how to configure the ASA for the. About the, on page 1 Guidelines for the, on page 7 Prerequisites for the, on page 9 Configure the, on page 10 Monitoring the, on page 16 History

More information

How to Configure a Remote Management Tunnel for an F-Series Firewall

How to Configure a Remote Management Tunnel for an F-Series Firewall How to Configure a Remote Management Tunnel for an F-Series Firewall If the managed NextGen Firewall F-Series cannot directly reach the NextGen Control Center, it must connect via a remote management tunnel.

More information

How to Configure a Client-to-Site L2TP/IPsec VPN

How to Configure a Client-to-Site L2TP/IPsec VPN Follow the instructions in this article to configure a client-to-site L2TP/IPsec VPN. With this configuration, IPsec encrypts the payload data of the VPN because L2TP does not provide encryption. In this

More information

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e Chapter 8 Networking Essentials Objectives Learn about the protocols and standards Windows uses for networking Learn how to connect

More information

Remote Desktop Services. Deployment Guide

Remote Desktop Services. Deployment Guide Deployment Guide UPDATED: 20 June 2018 Copyright Notices Copyright 2002-2018 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP Technologies logo are registered trademarks of KEMP

More information

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT Table of Contents TABLE OF CONTENTS 1 BACKGROUND 2 WINDOWS SERVER CONFIGURATION STEPS 2 CONFIGURING USER AUTHENTICATION 3 ACTIVE DIRECTORY

More information

HikCentral V.1.1.x for Windows Hardening Guide

HikCentral V.1.1.x for Windows Hardening Guide HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote

More information

Active Directory in Networks Segmented by Firewalls

Active Directory in Networks Segmented by Firewalls Active Directory in Networks Segmented by Firewalls Microsoft Corporation Published: July 2002 Updated: October 2004 Abstract Microsoft Active Directory service domain controllers are increasingly being

More information

A Division of Cisco Systems, Inc. EtherFast Cable/DSL VPN Router. with 4-Port 10/100 Switch. User Guide WIRED. BEFVP41 v2. Model No.

A Division of Cisco Systems, Inc. EtherFast Cable/DSL VPN Router. with 4-Port 10/100 Switch. User Guide WIRED. BEFVP41 v2. Model No. A Division of Cisco Systems, Inc. WIRED EtherFast Cable/DSL VPN Router with 4-Port 10/100 Switch User Guide Model No. BEFVP41 v2 Copyright and Trademarks Linksys is a registered trademark or trademark

More information

CertGuaranteed. Study Hard and Pass Your Exam

CertGuaranteed. Study Hard and Pass Your Exam Topic 6, Implementing, Managing, and Troubleshooting Network Protocols and Services (29 questions) Section 1: Configure and troubleshoot the TCP/IP protocol. (10 question) QUESTION 1 You are the administrator

More information

Correct Answer: C. Correct Answer: B

Correct Answer: C. Correct Answer: B QUESTION 1 Your company has a main office. The main office is located in a building that has 10 floors. A datacenter on the ground floor contains a Windows Server 2012 failover cluster. The failover cluster

More information

MCSA Guide to Networking with Windows Server 2016, Exam

MCSA Guide to Networking with Windows Server 2016, Exam MCSA Guide to Networking with Windows Server 2016, Exam 70-741 First Edition Chapter 7 Implementing Network Policy Server 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in

More information

Implementing Security in Windows 2003 Network (70-299)

Implementing Security in Windows 2003 Network (70-299) Implementing Security in Windows 2003 Network (70-299) Level 1 Authorization & Authentication 2h 20m 20s 1.1 Group Strategy 1.2 Group Scopes 1.3 Built-in Groups 1.4 System or Special Groups 1.5 Administrating

More information

Automating VPN Management

Automating VPN Management Automating VPN Management By Scott Hilton, Vice President Product Management Assured Digital, Inc. Although many network managers, users and executives agree on the benefits of virtual private networking,

More information

Broadband Router. with 2 Phone Ports WIRED. Installation and Troubleshooting Guide RT31P2. A Division of Cisco Systems, Inc. Model No.

Broadband Router. with 2 Phone Ports WIRED. Installation and Troubleshooting Guide RT31P2. A Division of Cisco Systems, Inc. Model No. A Division of Cisco Systems, Inc. Broadband Router with 2 Phone Ports WIRED Installation and Troubleshooting Guide Model No. RT31P2 Copyright and Trademarks Specifications are subject to change without

More information

TestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE. Modified

TestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE. Modified TestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE Modified 2017-07-10 TestOut Routing and Switching Pro Outline- English 6.0.x Videos: 133 (15:42:34) Demonstrations: 78 (7:22:19) Simulations:

More information

Aventail Connect Client with Smart Tunneling

Aventail Connect Client with Smart Tunneling Aventail Connect Client with Smart Tunneling User s Guide Windows v8.9.0 1996-2007 Aventail Corporation. All rights reserved. Aventail, Aventail Cache Control, Aventail Connect, Aventail Connect Mobile,

More information

Exam Questions SY0-401

Exam Questions SY0-401 Exam Questions SY0-401 CompTIA Security+ Certification https://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened

More information

Cisco 5921 Embedded Services Router

Cisco 5921 Embedded Services Router Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router application. It is designed to operate on small, low-power, Linux-based platforms

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.3 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.3-111215-01-1215

More information

ADSLNET INFORMATION AND TECHNOLOGIES. Document Purpose

ADSLNET INFORMATION AND TECHNOLOGIES. Document Purpose ADSLNET INFORMATION AND TECHNOLOGIES Document Purpose This document describes the requirements and setup procedures for a VPN solution using Microsoft Windows 2000. This document is also intended for the

More information

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0 Configuration Guide TL-ER5120/TL-ER6020/TL-ER6120 1910012186 REV3.0.0 June 2017 CONTENTS About This Guide Intended Readers... 1 Conventions... 1 More Information... 1 Viewing Status Information... 2 System

More information

Sample excerpt. Virtual Private Networks. Contents

Sample excerpt. Virtual Private Networks. Contents Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................

More information

Cisco QuickVPN Installation Tips for Windows Operating Systems

Cisco QuickVPN Installation Tips for Windows Operating Systems Cisco QuickVPN Installation Tips for Windows Operating Systems For a video showing installation tips on Quick VPN, visit http://youtu.be/hhu2z6a78n8 Objective Cisco QuickVPN is a free software designed

More information

HikCentral V1.3 for Windows Hardening Guide

HikCentral V1.3 for Windows Hardening Guide HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote

More information

H Q&As. HCNA-HNTD (Huawei Network Technology and Device) Pass Huawei H Exam with 100% Guarantee

H Q&As. HCNA-HNTD (Huawei Network Technology and Device) Pass Huawei H Exam with 100% Guarantee H12-211 Q&As HCNA-HNTD (Huawei Network Technology and Device) Pass Huawei H12-211 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money

More information

Remote Desktop Services Deployment Guide

Remote Desktop Services Deployment Guide Deployment Guide VERSION: 10.0 UPDATED: July 2017 Copyright Notices Copyright 2002-2017 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP Technologies logo are registered trademarks

More information

Yealink VCS Network Deployment Solution

Yealink VCS Network Deployment Solution Yealink VCS Network Deployment Solution Aug. 2016 V21.20 Yealink Network Deployment Solution ii Table of Contents Table of Contents... iii Network Requirements Overview... 1 Bandwidth Requirements... 1

More information

Managing the VPN Client

Managing the VPN Client Managing the VPN Client This chapter explains the tasks you can perform to manage connection entries, view and manage event reporting, and upgrade or uninstall the VPN Client software. The management features

More information

Provisioning Broadband Aggregators Topics

Provisioning Broadband Aggregators Topics CHAPTER 7 The Cisco Broadband Access Center software enables you to provision services on broadband aggregators. Provisioning occurs after you create administrative networks and network devices. See Chapter

More information

Network+ Guide to Networks 6 th Edition

Network+ Guide to Networks 6 th Edition Network+ Guide to Networks 6 th Edition Chapter 10 Virtual Networks and Remote Access Objectives 1. Explain virtualization and identify characteristics of virtual network components 2. Create and configure

More information

Configuring PPP over Ethernet with NAT

Configuring PPP over Ethernet with NAT This chapter provides an overview of Point-to-Point Protocol over Ethernet (PPPoE) clients and network address translation (NAT) that can be configured on the Cisco 819, Cisco 860, Cisco 880, and Cisco

More information

AT&T SD-WAN Network Based service quick start guide

AT&T SD-WAN Network Based service quick start guide AT&T SD-WAN Network Based service quick start guide After you order your AT&T SD-WAN Network Based service, you can: Create administrator accounts Log in to the SD-WAN orchestrator Configure business policy

More information

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide 28 May 2009 3Com VCX Connect Solution SIP Trunking Table of Contents 1 3COM VCX CONNECT AND INGATE... 1 1.1 SIP TRUNKING SUPPORT...

More information

MOC 6420A: Fundamentals of Windows Server 2008 Network and Applications Infrastructure

MOC 6420A: Fundamentals of Windows Server 2008 Network and Applications Infrastructure MOC 6420A: Fundamentals of Windows Server 2008 Network and Applications Infrastructure Course Number: 6420A Length: 5 Day(s) Certification Exam This course is associated with Exam 70-642 TS: Windows Server

More information

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide SonicWALL 6.2.0.0 Addendum A Supplement to the SonicWALL Internet Security Appliance User's Guide Contents SonicWALL Addendum 6.2.0.0... 3 New Network Features... 3 NAT with L2TP Client... 3 New Tools

More information

Securing Wireless LANs with Certificate Services

Securing Wireless LANs with Certificate Services 1 Securing Wireless LANs with Certificate Services PHILIP HUYNH University of Colorado at Colorado Springs Abstract Wireless Local Access Network (WLAN) is used popularly in almost everywhere from the

More information

LevelOne. User's Guide. Broadband Router FBR-1402TX FBR-1403TX

LevelOne. User's Guide. Broadband Router FBR-1402TX FBR-1403TX LevelOne Broadband Router FBR-1402TX FBR-1403TX User's Guide Table of Contents CHAPTER 1 INTRODUCTION... 1 LevelOne Broadband Router Features... 1 Package Contents... 3 Physical Details...4 CHAPTER 2 INSTALLATION...

More information

Yealink VCS Network Deployment Solution

Yealink VCS Network Deployment Solution Yealink VCS Network Deployment Solution Jul. 2016 V21.15 Yealink Network Deployment Solution ii Table of Contents Table of Contents... iii Network Requirements Overview... 1 Bandwidth Requirements... 1

More information

SUPERSTACK 3 FIREWALL FIRMWARE VERSION RELEASE NOTES

SUPERSTACK 3 FIREWALL FIRMWARE VERSION RELEASE NOTES SUPERSTACK 3 FIREWALL FIRMWARE VERSION 6.0.2 RELEASE NOTES Please use these notes in conjunction with the following documents: SuperStack 3 Firewall User Guide Part number: DUA1611-0AAA02 SuperStack 3

More information

HP Instant Support Enterprise Edition (ISEE) Security overview

HP Instant Support Enterprise Edition (ISEE) Security overview HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained

More information

Broadband Router. User s Manual

Broadband Router. User s Manual Broadband Router User s Manual 1 Introduction... 4 Features... 4 Minimum Requirements... 4 Package Content... 4 Note... 4 Get to know the Broadband Router... 5 Back Panel... 5 Front Panel... 6 Setup Diagram...7

More information

Managing External Identity Sources

Managing External Identity Sources CHAPTER 5 The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other

More information

Exam Name: Pro: Upgrading to Windows 7 MCITP Enterprise Desktop Support Technician

Exam Name: Pro: Upgrading to Windows 7 MCITP Enterprise Desktop Support Technician Vendor: Microsoft Exam Code: 70-682 Exam Name: Pro: Upgrading to Windows 7 MCITP Enterprise Desktop Support Technician Version: DEMO QUESTION 1 Scenario 1 For your convenience, the scenario is repeated

More information

Security Provider Integration RADIUS Server

Security Provider Integration RADIUS Server Security Provider Integration RADIUS Server 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property

More information

Configuration Guide SuperStack 3 Firewall L2TP/IPSec VPN Client

Configuration Guide SuperStack 3 Firewall L2TP/IPSec VPN Client Overview This guide is used as a supplement to the SuperStack 3 Firewall manual, and details how to configure the native Windows VPN client to work with the Firewall, via the Microsoft recommended Layer

More information

Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)

Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs) Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs) Microsoft Corporation Published: June 2004 Abstract This white paper describes how to configure

More information

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls How to Configure a Remote Management Tunnel for Barracuda NG Firewalls If the managed NG Firewall can not directly reach the NG Control Center it must connect via a remote management tunnel. The remote

More information

Table of Contents. Cisco Cisco VPN Client FAQ

Table of Contents. Cisco Cisco VPN Client FAQ Table of Contents Cisco VPN Client FAQ...1 Document ID: 45102...1 Questions...1 Introduction...2 Q. Why does the VPN Client disconnect after 30 minutes? Can I extend this time period?...2 Q. I upgraded

More information

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems Technical Overview of in Windows 7 and Windows Server 2008 R2 Microsoft Windows Family of Operating Systems Published: January 2009 This document supports a preliminary release of a software product that

More information

2016 Braindump2go Valid Cisco Exam Preparation Materials:

2016 Braindump2go Valid Cisco Exam Preparation Materials: Guarantee All Exams 100% Pass One Time 2016 NEW Cisco CCNA Routing and Switching 200-105: Interconnecting Cisco Networking Devices Part 2 (ICND2 v3.0) Exam Questions and Answers RELEASED in Braindump2go.com

More information

GSLC. GIAC Security Leadership.

GSLC. GIAC Security Leadership. GIAC GSLC GIAC Security Leadership TYPE: DEMO http://www.examskey.com/gslc.html Examskey GIAC GSLC exam demo product is here for you to test the quality of the product. This GIAC GSLC demo also ensures

More information

Broadband Router DC 202

Broadband Router DC 202 Broadband Router DC 202 Full Manual Table of Contents DC-202 xdsl/cable Broadband router REQUIREMENTS...4 INTRODUCTION...4 DC-202 Features...4 Internet Access Features...4 Advanced Internet Functions...5

More information

Gigabit Content Security Router CS-5800

Gigabit Content Security Router CS-5800 Gigabit Content Security Router CS-5800 Presentation Outline Product Overview Product Feature Product Application Product Comparison Appendix 2 / 34 Overview What is the Content filter? Content filtering

More information

4-Port Cable/DSL Router DX-E401. Product Name [French] Product Name [Spanish] USER GUIDE GUIDE DE L UTILISATEUR GUÍA DEL USUARIO

4-Port Cable/DSL Router DX-E401. Product Name [French] Product Name [Spanish] USER GUIDE GUIDE DE L UTILISATEUR GUÍA DEL USUARIO 4-Port Cable/DSL Router Product Name [French] Product Name [Spanish] DX-E401 USER GUIDE GUIDE DE L UTILISATEUR GUÍA DEL USUARIO 2 Introduction Dynex 4-Port Cable/DSL Router Introduction This router enables

More information