|
Question 1. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. The ITCertKeys.com network recently deployed three ISA Server 2004 computers to the domain which will be used by the client computers for Internet access. You have received instruction from the CIO to plan the implementation to ensure that the client computers view all three servers as one. You are additionally required to ensure that the load on ISA Server 2004 is distributed among the three ISA Server 2004 computers. What should you do? A. The Windows Server 2003 computer should be configured as a Network Load Balancing (NLB) cluster B. The Windows Server 2003 computer should be configured as a three-node Active/Passive cluster C. All the Windows Server 2003 computers should be configured as stand-alone servers D. All the Windows Server 2003 computers should be configured with the same IP address Answer: A Explanation: In the scenario the host record should be configured with the virtual IP address to the external interface of the NLB cluster. Since NLB is used as a cluster technique which is used to allow two or more servers to share the processing load it should be used in the scenario. Incorrect Answers: B: The configuration made with a three-node Active/Passive cluster should not be considered in the scenario because it will not help in any way. C: The stand-alone server configuration should not be considered in the scenario because the server that is not a member of the domain will provide access to all resources that are available in it. D: The configuration should not be used at all in the scenario as you will be responsible for have creating IP address conflicts on the network. Question 2. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Microsoft Windows NT 4.0 with Microsoft Proxy 2.0 WinsoITK Proxy client installed and the other computers run Windows XP Professional and all have the ISA Server 2000 Firewall Client installed. The ITCertKeys.com network contains an ISA Server 2004 server named ITCertKeys -SR01 which is used for Internet access. You have received instruction from the CIO to configure all client computers to use encryption while communicating wit h ITCertKeys -SR01. What should you do (Choose three) A. ISA Server 2004 must be configured to enable Require all users to authenticate setting. B. The Firewall client settings should be configured on ISA Serve r2004 to enable the Allow non-encrypted Firewall client connections setting. C. The ISA Server 2000 Firewall Client software should be upgraded on the Windows XP Professional computers to ISA Server 2004 Firewall Client. D. The WinsoITK Proxy client should be uninstalled from the client computers running Microsoft Windows NT 4.0 and install the ISA Server 2004 Firewall Client. E. An in-place upgrade should be performed on ITCertKeys -SR01 by using the ISA Server 2004 Migration Tool. Answer: C, D, E Explanation: In the scenario you should perform an in-place upgrade and uninstall the WinsoITK Proxy client from the computers and install the ISA Server 2004 Firewall Client software on both workstation computers NT 4.0 and XP Professional as ISA Server 2000 does not have encryption. Incorrect Answers: A: The setting should not be configured in the scenario because the settings are used for Web proxy clients and the ISA server will prompt for user credentials. B: This setting should not be considered in the scenario as you are required to provide encryption and the Firewall Client in question should not be configured this way. Question 3. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. The client computers at ITCertKeys.com are running Windows XP Professional. The CIO of ITCertKeys.com has asked you to put into operation an ISA Server 2004. The implementation should act as a SecureNAT firewall for client computers on the ITCertKeys.com network. You want the ISA Server 2004 implementation to consist of a Windows Server 2003 Network Load Balancing cluster. ITCertKeys.com wants their customers to be load balanced across the Network Load Balancing cluster when they connect by using DNS. Before you install ISA Server 2004 you need to plan the external DNS implementation. What should you do? A. You need to create three service locater (SRV) resource records and configure each record to use the _HTTP service and to reference the IP address of one of the internal interfaces of the Network Load Balancing cluster nodes. B. You need to create three host (A) resource records and configure each record with the IP address of one of the external interfaces of the Network Load Balancing cluster nodes. C. You need to create one host (A) resource record and to configure the record with the virtual IP address that is assigned to the external interface of the Network Load Balancing cluster. D. You need to create one host (A) resource record and to configure the record with the virtual IP address that is assigned to the internal interface of the Network Load Balancing cluster. Answer: C Explanation: Network load balancing is a cluster of servers that provide the same services. By using network load balancing, users contact the IP address of the cluster in order to use the services that are shared by the cluster. It provides for load sharing between NLB cluster members, and also provides for redundancy if one of the NLB members becomes unavailable. Only the Enterprise version of ISA Server 2004 natively supports NLB. Question 4. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. The ITCertKeys.com network recently deployed 4 Microsoft ISA 2004 server computers that are to be used for connecting to the Internet. You decided to configure the ISA server computers as a Network Load Balancing cluster. You have received instruction from the CIO to allow the client computers to connect to the NLB cluster by using DNS and to load balance the network traffic to the ISA server computers across the NLB cluster. You firstly create a host (A) resource record for the NLB cluster and need to decide what to do next. What should you do? A. DNS round-robin should be used to map the cluster's FQDN to the IP addresses of each network adapter of the NLB cluster nodes. B. The host record must be configured with the IP address assigned to one of the external interfaces of the NLB cluster nodes. C. The host record must be configured with the IP address assigned to one of the internal interfaces of the NLB cluster nodes. D. The host record must be configured with the virtual IP address of the NLB cluster. Answer: D Explanation: In the scenario the host record should be configured with the virtual IP address to the external interface of the NLB cluster. Since NLB is used as a cluster technique which is used to allow two or more servers to share the processing load it should be used in the scenario. Incorrect Answers: A: DNS round-robin should not be used in the scenario because the NLB clusters FQDN should be mapped to the cluster's virtual IP address. B, C: The host record should not be configured with the IP Address assigned to the internal or external NLB cluster interfaces because the internal IP address is used for internal communication and the second interface is not configured with a unique IP address. Question 5. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. The ITCertKeys.com network recently deployed an ISA Server 2004 computer to the domain named ITCertKeys -SR01 which will be used by the client computers for Internet access. You have received instruction from the CIO to secure ITCertKeys -SR01 before it starts providing Internet access to client computers on the network an you need to know how to configure security for the ISA Server 2004 computer. What should you do? (Choose TWO.) A. All users should be granted Deny access to this computer from the network right. B. The Allow log on locally right should be granted only to the Administrators group. C. The Allow log on locally right should be granted only to the Authenticated Users group. D. The Remote Access Connection Manager service should be disabled on ITCertKeys -SR01. Answer: A, B Explanation: In the scenario you should grant only the Administrators group the Allow log on locally right and the Deny access to this computer from the network must be assigned to all users as this will ensure that users in the administrative group has the rights to manage monitor and configure the ISA server. Incorrect Answers: C, D: The Allow log on locally right should not be assigned in the scenario because the authenticated users group contains all the users in the domain who are authenticated allowing every authenticated user to access or log on locally to the ISA server. Question 6. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. The ITCertKeys.com network recently deployed an ISA Server 2004 computer to the domain which will be used by the client computers for Internet access. The Firewall client installation share will be placed on the ISA Server 2004 computer and the clients will connect to the ISA Server 2004 and install the firewall client software from the share and are required to know which service to enable to allow client computers to connect to ISA Server 2004 and install Firewall Client software from the share. What should you do? A. Enable the Windows Installer service. B. Enable the Workstation service. C. Enable the Net Logon service. D. Enable the Server service. Answer: D Explanation: The Server service should be enabled in the scenario because the service is used to connect to the ISA 2004 Server and install Firewall Client software from the Firewall Client Installation share on the network. Incorrect Answers: A: The Windows Installer service should not be enabled in the scenario because the service adds, modifies and removes applications provided as .msi paITKages B: The Workstation service should not be enabled in the scenario because the service creates and maintains client network connections to remote servers. C: Net Logon should not be enabled in the scenario because the service maintains a secure channel between the client computer and the domain controller to authenticate users and services. Question 7. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. All servers on the ITCertKeys.com network run Windows Server 2003 and all client computers run Windows XP Professional. The ITCertKeys.com network contains an ISA Server 2004 computer named ITCertKeys -SR01 configured with the external and internal network adapters IP addresses of 100.100.10.2 and 192.168.100.2 respectively. During the course of the day you discover that ITCertKeys -SR01 is unable to receive SMTP traffic from the Internet. You are required to query a single TCP port to verify if ITCertKeys -SR01 is listening on TCP port 25 or not. What should you do? A. The portqry n 100.100.10.2p tcp e 25 command should be run on ITCertKeys -SR01. B. The portqry n 100.100.10.2 p tcp r 25 command should be run on ITCertKeys -SR01. C. The netstat a p tcp command should be run on ITCertKeys -SR01. D. The netstat a p tcp command should be run on ITCertKeys -SR01. Answer: A Explanation: In the scenario the best option is to run the portqry n 100.100.10.2 p tcp e 25 command on ITCertKeys -SR01 as this command is capable of querying a single port to cheITK if the server is listening on that particular port in the scenario. Incorrect Answers: B: This command should not be used in the scenario because you want to scan a single port and the command is used to scan a range of ports. C: This command should not be used in the scenario because the command is used to display all the connections and listening ports for TCP. D: This command should not be considered for the scenario because the command is used to display all the addresses and port numbers in a numerical form for TCP. Question 8. ITCertKeys.com has employed you as a network administrator. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. The client computers at ITCertKeys.com are running Windows XP Professional. The ITCertKeys.com network also contains a server named ITCertKeys -SR24 which is set up as a Routing and Remote Access server. The ITCertKeys.com network in configured as seen in the exhibit: You are planning to upgrade ITCertKeys -SR24 to ISA Server 2004. To upgrade to ISA Server 2004 you need to configure the Internal network and take into consideration the creation of access rules that are specific for each subnet. Which of the following IP address ranges should you use? (Each correct answer presents part of the solution. (Choose THREE) A. 10.0.25.1 - 10.0.25.255. B. 172.16.1.0 - 172.16.1.255. C. 172.16.2.0 - 172.16.2.255. D. 172.16.10.0 - 172.16.10.255. E. 192.168.1.0 - 192.168.1.255. Answer: B, C, D Explanation: An ISA network is defined as the grouping of physical subnets that form a network topology that is attached to a single ISA Server network adapter. In the exhibit there are four physical subnets. The subnets are connected to each other with switches. ISA sees these individual subnets as only two networks, an internal network and a perimeter network (also called DMZ) because it has network adapters attached to only a single subnet on each of the network. To further illustrate, a uni-homed (single NIC) server would see the range of all IP addresses on the Internet as a single ISA network. In our scenario the internal network consists of 172.16.1.0 - 172.16.1.255, 172.16.2.0 - 172.16.2.255 and 172.16.10.0 - 172.16.10.255. A perimeter network, also known as a demilitarized zone (DMZ), or screened subnet, is a network that you set up separately from an internal network and the Internet. Perimeter networks allow external users to gain access to specific servers that are located on the perimeter network while preventing direct access to the internal network. In this way, even if an attaITKer penetrates the perimeter network security, only the perimeter network servers are compromised. In our scenario the DMZ consists of 10.0.25.1 - 10.0.25.255. Question 9. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consists of a single Active Directory domain named ITCertKeys.com. ITCertKeys.com contains a Research department. ITCertKeys.com contains an ISA Server 2004 computer named TESTING-SR10 and a Web server named ITCertKeys -SR11. ITCertKeys -SR10 has two network adapters. The Internal network is configured with an access rule to allow the employees in the Research department to have HTTP access to the Internet. On ITCertKeys -SR10, you then create a third network adapter which is connected to a perimeter network and place ITCertKeys -SR11 on this perimeter network. The ITCertKeys.com manager wants the Web server to be accessible to the operating systems of the Internal network. You then create a computer object for ITCertKeys -SR11 and then create an access rule that allows the Research department employees' access to ITCertKeys -SR11. Users are not required to authenticate with ITCertKeys -SR10 to access ITCertKeys -SR11. Now you receive complaints from the employees in the Research department that they cannot access information on ITCertKeys -SR11. When they try to access the Web site, they receive an error message: "Error Code 10060: Connection timeout. BaITKground: There was a time out before the page should be retrieved. This might indicate that the network is congested or that the website is experiencing technical difficulties." You then make sure that ITCertKeys -SR11 is in operational. Now you need to ensure that the Research department employees on the Internal network can access information on ITCertKeys -SR11. What should you do? A. You need to create a network rule that sets a route relationship between the Internal network and the perimeter network. B. You need to create a server publishing rule that publishes ITCertKeys -SR11 to the Internal network. C. You need to create a Web publishing rule that publishes ITCertKeys -SR11 to the Internal network. D. You need to create an access rule that allows ITCertKeys -SR11 access to the Internal network. Answer: A Explanation: You need to create new Networks whenever a new Network is introduced into your environment. All addresses located behind any particular NIC are considered a Network by the ISA firewall; you need to create a new Network when additional NICs are added to the firewall. Also you need to create a network relationship between networks. This can be a route or NAT relationship. If there is no relationship between networks, then all traffic will be dropped by the ISA Server. Question 10. You work as the network administrator at ITCertKeys.com. The ITCertKeys.com network consist of a single Active Directory domain named ITCertKeys.com. Your duties at ITCertKeys.com include administering an ISA Server 2004 computer named ITCertKeys -SR14. ITCertKeys.com is divided into several departments of which the Marketing department is one. A portion of the network is configured as seen in the exhibit. You were installing ISA Server 2004 on ITCertKeys -SR14 where you defined the Internal network address range as 10.0.1.0 through 10.0.1.255. You also create an access rule to allow all traffic from the Internal network to the External network. The employees in the Marketing department are not required to be authenticated to use this rule. One morning you received a report from the employees on the following networks: IDs 10.0.2.0/24 and 10.0.3.0/24 complaining that they cannot connect to the Internet. To this end you then cheITK the routing tables on the router and on ITCertKeys -SR14 and saw that is was correctly configured. However, you need to ensure that users on network IDs 10.0.2.0/24 and 10.0.3.0/24 can connect to the Internet. What should you do? A. You must create a subnet network object for network ID 10.0.2.0/24 and for network ID 10.0.3.0/24. B. You must add the address ranges 10.0.2.0 through 10.0.2.255 and 10.0.3.0 through 10.0.3.0 through 10.0.3.255 to the definition of the Internal network. C. You must create two new networks, one for network ID 10.0.2.0/24 and one for 10.0.3.0/24. Create access rules to allow these networks access to the Internet. D. You must create two new networks, one for network ID 10.0.3.0/24 and one for 10.0.3.0/24. Create a new network set containing these networks. Create an access rule to allow this network set access to the Internet. Answer: B Explanation: ISA Server can construct the Internal network, based on your Microsoft Windows Server 2003 or Windows 2000 Server routing table. You can also select the private IP address ranges, as defined by IANA in RFC 1918. These three bloITKs of addresses are reserved for private intranets only and are never used on the public Internet. The routing table reflects a topology of the Internal network, in this scenario it is comprised of the subnets 10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24. When Andy Reid configured the Internal network for ISA Server, it should include all those ranges (subnets). If you create distinct networks for each of those subnets, rather than a single network, then ISA Server will consider the 10.0.2.x and 10.0.3.x networks temporarily disconnected, because there is no network adapter associated with them.
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.