|
Question 555. You are the administrator of a Windows Server 2003 computer named ITCertKeys1. ITCertKeys1 is a member server that has the DNS service installed. ITCertKeys1 hosts a standard primary DNS zone. This zone contains host records for 15 production servers. You need to configure the DNS service on ITCertKeys1 to ensure that no client-initiated host updates from Windows XP Professional client computer or Windows Server 2003 computer are added to the zone. What should you do? A. Configure the DNS zone with a Dynamic updates setting of None. B. Configure ITCertKeys1 as a caching-only server. C. Configure the DNS zone to allow zone transfers to only servers that have name server (NS) resource records. D. Delete all entries in the Root Hints tab in the properties of ITCertKeys1. Answer: A Explanation: A dynamic update is an update to the DNS standard that permits DNS clients to dynamically register and update their resource records in zones. Dynamic updates can be disabled on the host and for some environments, this might make sense. Dynamic updates can be disabled for the computer or for one or more interfaces on that computer. By changing this default value in the Windows Server 2003 registry, the DNS client is prevented from registering A and PTR RRs for whichever interfaces are specified. Thus by configuring the DNS zone setting of None for Dynamic Updates you can ensure that no client-initiated host updates are added to the zone. Incorrect answers: B: A Caching-only server is a DNS server set up to resolve the queries of DNS clients using its configured root hints or any DNS forwarders. Caching-only DNS servers build up a local cache of resolved queries while performing recursive DNS queries for its clients. DNS caching-only servers are not authoritative and thus do not host any local DNS zones. C: The Name Server (NS) resource record indicates which DNS servers are authoritative for the zone.They specify both primary and secondary servers for the zone indicated in the SOA record.They also indicate servers for any delegated zones. This will not prevent dynamic updates that cause client-initiated host updates being added to the zone. D: Deleting all entries in the Root Hints tab in the properties of ITCertKeys 1 will not prevent client-initiated host updates frpm computers that will be added to the zone. Reference: James Chellis, Paul Robichaux and Matthew Sheltz, MCSA/MCSE: Windows Server 2003 Network Infrastructure Implementation, Management, and Maintenance Study Guide, Sybex Inc. Alameda, 2003, pp. 246, 283 Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd & Laura Hunter, MCSA/MCSE Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training System, Syngress Publishing, Rockland, 2003, pp. 427, 480 Question 556. You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named ITCertKeys.com. The network topology is shown in the exhibit. The configurations of the DNS servers that host the stone named ITCertKeys.com are shown in the following table. Server Zone type Server role Location ITCertKeys1 Active Directory-integrated Domain controller New York ITCertKeys2 Active Directory-integrated Domain controller Chicago ITCertKeys3 Secondary Member server Caracas The refresh interval for the zone is one hour. The zone contains 10,000 records. The network connection to Caracas is operating at 90 percent of capacity. You remove ITCertKeys3 from the network to perform hardware maintenance. Two hours later, you bring ITCertKeys3 back on the network. You need to ensure that ITCertKeys3 can immediately provide accurate responses to client computer requests for data. You also need to ensure that no unnecessary traffic is generated by the DNS servers. What should you do on ITCertKeys3? A. Transfer the zone from the master server. B. Reload the zone from the master server. C. Update server data files. D. Scavenge stale resource records. Answer: A Explanation: A DNS zone transfer is the process by which the zone's resource records are copied, or replicated, to other DNS servers. The resource records in the zone are stored in a database that is copied at specified intervals to other DNS servers to ensure reliable host name resolution. Thus transferring the zone from the master server will have the desired effect. Incorrect answers: B: Reloading the zone is not going to make sure that unnecessary traffic is not generated by the DNS servers. C: Updating server data files is not going to ensure that unnecessary traffic is generated on the DNS servers. It is irrelevant in this case. D: Be careful when enabling DNS scavenging and understand that it is disabled by default for a reason. If it is set up incorrectly, vital DNS resource records could be deleted accidentally, causing more problems than an abundance of stale records. Scavenging stale resource records is not advised in this case. Reference: Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd & Laura Hunter, MCSA/MCSE Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training System, Syngress Publishing, Rockland, 2003, pp. 434, 501 Question 557. You are a network administrator for ITCertKeys. The network consist of a single Active Directory domain named ITCertKeys.de. Users regularly browse the internal network and the Internet from their client computers. All Web and e-mail hosting for a separate DNS domain named ITCertKeys.com is outsourced to an ISP. All name resolution requests for ITCertKeys.com are resolved by the ISP. You have no administrative control over the DNS servers at the ISP. You cannot list the contents of ITCertKeys.com by using the nslookup command on the DNS servers at the ISP. A Windows Server 2003 computer named ITCertKeys1 is configured with a primary zone for ITCertKeys,de. All root hints have been removed from ITCertKeys1. All client computers refer to this DNS server for name resolution. You need to configure DNS resolution to ensure that all client computers can locate and access resources in ITCertKeys.com, ITCertKeys.com, and the Internet. What should you do? A. Configure a secondary zone for ITCertKeys.com on ITCertKeys1. B. Configure a primary zone for ITCertKeys.com on ITCertKeys1. C. Configure conditional forwarding for ITCertKeys.com with the IP address of the DNS server at the ISP. D. Configure a simple forwarding with the default settings with the IP address of the DNS server at the ISP. Answer: D Explanation: All queries from DNS servers within the organization to resolve names external to the organization can be sent through one (or more) forwarder for resolution.To accomplish this, the internal DNS servers must also be configured to forward queries for which they are not authoritative by providing the forwarding DNS server(s) IP address. Simple forwarding is akin to caching-only. This option of configuring simple forwarding with the default settings will ensure that all client computers will be able to locate and access resources in the ITCertKeys .net, ITCertKeys.com and the Internet. Incorrect answers: A: A secondary zone is a copy of the zone that is copied from the master server when replication of the zone occurs via zone transfer. This will not ensure that client computers can locate and access resources in the required domains and the Internet. B: A primary zone is the copy of the zone to which updates are made. A DNS server that is authoritative for a particular zone will make updates to the primary zone. But this will not comply with what is required by the client computers. C: Being able to selectively set up different forwarders for different domain names queried, is referred to as conditional forwarding. At the same time, you are able to enable or disable recursion for each of those domains separately. This is not what you should be doing under the circumstances, you should configure simple forwarding to enable the client computers to locate and access resources in the said domains and the Internet. Reference: Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Chad Todd & Laura Hunter, MCSA/MCSE Exam 70-291: Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD Training System, Syngress Publishing, Rockland, 2003, pp. 424, 442, 494 Question 558. You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named ITCertKeys.com. The domain contains two domain controllers that are configured as DNS servers. Forward and reverse DNS lookup zones are configured on both DNS servers. You install the Windows Server 2003 administrative tools on your client computer. You use IP Security Monitor to view network information. You notice that many servers on the network are identified only by IP address within the IP Security Monitor interface. You need to ensure that servers on the network are listed by server names rather than IP addresses. What should you do? A. Configure your client computer to use the domain controllers for DNS lookups. B. Enable DNS name resolution in IP Security Monitor. C. Force a registration of DNS information on all servers on the network. D. Configure all servers on the network to support NetBIOS over TCP/IP. Answer: B Question 559. You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named ITCertKeys.com. All servers run Windows Server 2003. The domain contains two domain controllers named ITCertKeys1 and ITCertKeys2. You use a Windows XP Professional client computer named Client1. In Active Directory, the domain administrator creates two new user accounts named NetAdmin1 and AdminUser1. The NetAdmin1 account is a member of the Domain Admins global group. The AdminUser1 account is a member of only the Users local group. You assign the AdminUser1 logon account the Allow log on locally user right in the Default Domain Controller Group Policy object (GPO). A new written security policy states that user accounts that are members of the Domain Admins global group should not be used to log on to the console of a domain controller. It also states that administrative tasks should be performed by using the Secondary Logon service. You now need to create a new computer account in Active Directory, and you must comply with the new ITCertKeys security policy. What should you do? A. Log on to ITCertKeys1 by using the AdminUser1 user account. Run the dsa.msc command. B. Log on to ITCertKeys1 by using the NetAdmin1 user account. Run the dsa.msc command. C. Log on to Client1 by using the AdminUser1 user account. Run the runas /user:netadmin1 dsa.msc command. D. Log on to Client1 by using the NetAdmin1 user account. Run the runas /user:adminuser1 dsa.msc command. Answer: C Explanation: To create a new computer account in Active Directory, we need to run Active Directory Users and Computers (dsa.msc) using the credentials of a domain admin account. We can do this by logging into the client computer using the adminuser1 account (which has just 'user' rights) and running the 'runas' command to open dsa.msc using the credentials of a domain admin account. Incorrect answers: A: This would open Active Directory Users and Computers using the credentials of the user account. To create a new computer account in Active Directory, we need to open Active Directory Users and Computers as a domain admin. B: The question states: "A new written security policy states that user accounts that are members of the Domain Admins global group should not be used to log on to the console of a domain controller". Therefore, this answer is incorrect. D: This answer suggests logging as the domain admin and running Active Directory Users and Computers using the credentials of the 'user' account. We need to be logging in as the user and running Active Directory Users and Computers as a domain admin. Question 560. You are the administrator of an Active Directory domain named ITCertKeys.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. An unauthorized file sharing application named Fileshare.exe is being used on your network. The default installation directory for Fileshare.exe is C:\Program Files\File Share\. You need to prevent all users from using the unauthorized file sharing application, even if they rename the application. You create a new software restriction policy in the Default Domain Policy Group Policy object (GPO). You now need to configure the software restriction policy. What should you do? A. Create a new path rule for Fileshare.exe. Set the security level to Disallowed for the new rule. B. Create a new hash rule for Fileshare.exe. Set the security level to Disallowed for the new rule. C. Create a new path rule for C:\Program Files\File Share\. Set the security level to Disallowed for the new rule. D. Set the default security level to Disallowed for the software restriction policy. Answer: B Explanation: When you create a hash rule, you identify a specific file to which you want the rule to apply, and the system generates a hash on the file, including attributes such as date and time of creation and file size. After the policy is in place, the system performs a hash on each file accessed, and if the hash matches the hash in the rule, the rule is applied. Since several rules can be applied to the same program, there is an established order of precedence that is applied. A rule based on a higher precedence will override a conflicting rule applied with a lower precedence. Take for example the following order: 1. Hash rule 2. Certificate rule 3. Path rule 4. Internet zone rule Based on this order, if a program is unrestricted based on a hash rule but disallowed based on a path rule, the program will run, as the hash rule has precedence over the path rule. For path rules, there is an additional order of precedence based on the path specified. If there are conflicting path rules, the more restrictive path rule will apply. Incorrect answers: A: When you create a path rule, you identify a file or set of files based on their location on disk. The path can identify the path to a folder, a specific file, or a set of files based on a wildcard. When the system processes a file request when path rules are in place, it will compare the file requested to the path rules, and process the rule if there is a match. This is not what is needed. C: Creating a path rule is wrong; furthermore the rule should be for the Fileshare.exe and not C:\Program Files\File Share\. D: This is irrelevant. Reference: Michael Cross and Jeffery A. Martin, MCSE Exam 70-294: Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, 2003, p. 617 Question 561. You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named ITCertKeys.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. You install Software Update Services (SUS) on a network server named ITCertKeys1. When you attempt to synchronize ITCertKeys1 with the Windows Update servers, you receive an error message. You suspect that your proxy server requires authentication. You open Internet Explorer and verify that you can communicate with an external Web site by using the proxy server. You need to ensure that ITCertKeys1 can communicate with the Windows Update servers. What should you do on ITCertKeys1? A. Restart the IIS administration tool. B. Configure the Internet Explorer settings to bypass the proxy server. C. In the SUS options, configure authentication to the proxy server. D. Install the Microsoft Firewall Client. Answer: C Explanation: If you are running Windows Server 2003 as a proxy server so your internal clients can surf the Web, or if you’re running it as an e-mail server, dial-up connections to the Internet are an option worth looking into. Incorrect answers: A: Internet Information Services (IIS) is software that serves Internet higher-level protocols such as HTTP and FTP to clients using web browsers. The IIS software that is installed on a Windows Server 2003 computer is a fully functional web server and is designed to support heavy Internet usage. But this is not the issue here. B: It is not necessary to bypass the proxy server. D: SUS is used to deploy a limited version of Windows Update to a corporate server, which in turn provides the Windows updates to client computers within the corporate network. This allows clients that are limited to what they can access through a firewall to still keep their Windows operating systems up-to-date. However, there is no need to install the Microsoft Firewall Client in this case. Reference: Lisa Donald, Suzan Sage London & James Chellis, MCSA/MCSE: Windows®Server 2003 Environment Management and Maintenance Study Guide, Sybex Inc. Alameda, 2003, p. 59 Mark Minasi, Christa Anderson, Michele Beveridge, C.A. Callahan & Lisa Justice, Mastering™Windows® Server 2003, Sybex Inc., Alameda, 2003, p. 1588 Question 562. You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named ITCertKeys.com. The domain contains 15 Windows Server 2003 computers and 3,000 Windows XP Professional computers. All client computers are running the most recent service pack. You install and configure Software Update Services (SUS) on a server named ITCertKeys1. You install the Automatic Updates client on all client computers. All client computer accounts are in the Clients organization unit (OU). Currently all client computers obtain their Windows security updates from Windows Update. You want all client computers, and no other computers, to obtain their updates from ITCertKeys1. You need to configure all client computers to obtain Windows security updates from ITCertKeys1. You need to accomplish this task with the minimum amount of administrative effort. What should you do? A. Create a Group Policy object (GPO) named SUS and link it to the Clients OU. Open the SUS GPO and enable the Configure Automatic Update policy to automatically download updates. B. Create a Group Policy object (GPO) named SUS and link it to the Clients OU. Open the SUS GPO and enable the Specify intranet Microsoft updates service location policy to use http://ITCertKeys1 as the value for the update and statistics server. C. Create a Group Policy object (GPO) named SUS and link to the domain. Open the SUS GPO and enable the Specify intranet Microsoft update service location policy to use http://ITCertKeys1 as the value for the update and statistics server. D. Create a Group Policy object (GPO) named SUS and link it to the domain. Open the SUS GPO and enable the Configure Automatic Update policy to automatically download updates. Answer: B Explanation: To configure which server will provide automatic updates, you should click the Next Setting button in the Configure Automatic Updates Properties dialog box. This brings up the Specify Intranet Microsoft Update Service Location Properties dialog box. The properties that can be configured through group policy are as follows: (1) The status of the intranet Microsoft update service location as not configured, enabled, or disabled, (2) The HTTP name of the server that will provide intranet service updates and (3) The HTTP name of the server that will act as the intranet SUS statistics server. Thus if you want to configure all client computers to obtain Windows security updates from ITCertKeys.com1 with the least amount of administrative effort, you should create an appropriate GPO and link it to the Clients OU (all the client computers are located in this OU), and then do the proper configuration regarding the Specify intranet Microsoft updates service location. Incorrect answers: A: The first part of the option is correct, but you should not enable the Configure Automatic Update policy to automatically down load updates as this could result in the client computers not obtaining their updates from ITCertKeys.com1. C: This option could work but it would not be appropriate in this case as the GPO should be linked to the Clients OU and not the domain. D: Linking the newly created GPO to the domain would be wrong in this case as well as enabling the Configure Automatic Updates policy to automatically download updates. Reference: Lisa Donald, Suzan Sage London & James Chellis, MCSA/MCSE: Windows®Server 2003 Environment Management and Maintenance Study Guide, Sybex Inc. Alameda, 2003, pp. 147- 149 Question 563. You are the network administrator for ITCertKeys. The network consists of a single Active Directory domain named ITCertKeys.com. All client computers run either Windows 2000 Professional or Windows XP Professional. All servers run either Windows 2000 Server or Windows Server 2003. There are no service packs installed on any network computers. You install Software Update Services (SUS) on a server named ITCertKeys1. You must ensure that all network computers can connect to ITCertKeys1. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two) A. Install Windows 2000 Service Pack 3 on all Windows 2000 Server computers and Windows 2000 Professional computers. Install the Automatic Updates client on all Windows XP Professional computers. B. Install Windows 2000 Service Pack 3 on all Windows 2000 Server computers and on all Windows 2000 Professional computers. Install Windows XP Service Pack 1 on all Windows XP Professional computers. C. Configure the Internet browser home page for all Windows XP Professional computers to point to http://windowsupdate.microsoft.com. Install the Active Directory client on all Windows 2000 Server computers and on all Windows 2000 Professional computers. D. Configure the Internet browser home page for all Windows 2000 Professional computers to point to http://windowsupdate.microsoft.com. Install Windows XP Service Pack 1 on all Windows XP Professional computers. E. Upgrade all client computers to Windows XP Professional. Install Active Directory on all Windows 2000 Server computers. F. Upgrade all client computers to Windows XP Professional. Install SUS on all Windows Server 2003 computers. Answer: A, B Explanation: SUS server requirements include that you should be running Windows 2000 Server with Service Pack 2 or higher or Windows Server 2003 A: For SUS to work you should also install Automatic Updates client on the Windows XP Professional computers. B: SUS supports Windows XP Home Edition (with Service Pack 1 or higher) and Windows XP Professional (with Service Pack 1 or higher) as client platforms. Incorrect answers: C & D: Configuring the Internet browser is not how SUS is installed. E: Active Directory (AD) is a directory service available with the Windows Server 2003 platform. The Active Directory stores information in a central database and allows users to have a single user account (called a domain user account or Active Directory user account) for the network. However, this option is not the solution. F: SUS is already installed on ITCertKeys.com1. You would need to install Automatic Updates client on the Windows XP Professional computers. Reference: James Chellis, Paul Robichaux & Matthew Sheltz, MCSA/MCSE: Windows®Server 2003 Network Infrastructure Implementation, Management, and Maintenance Study Guide, Sybex Inc., Alameda, 2003, p. 138 Question 564. You are a network administrator for ITCertKeys. The network consists of a single Active Directory domain named ITCertKeys.com. All servers run Windows Server 2003. Client computers run Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation. All client computers are configured with default settings. A server named ITCertKeys1 functions as a DHCP and DNS server. All client computers are configured to use ITCertKeys1 for name resolution. All DNS zones on ITCertKeys1 are enabled for DNS dynamic updates. ITCertKeys's written security policy states that, when possible, the computer account for each client computer should be the owner of its own DNS host record. A server named ITCertKeys18 contains antivirus server software. ITCertKeys18 must be able to contact client computers by using fully qualified domain names (FQDNs) to propagate virus definition updates. You need to ensure that ITCertKeys18 can resolve FQDNs for all client computers on the network. Which option should you modify on ITCertKeys1? A. The Dynamically update DNS A and PTR records only if requested by the DHCP clients check box. B. The Always dynamically update DNS A and PTR records check box. C. The Discard A and PTR records when lease is deleted check box. D. The Dynamically update DNS A and PTR records for DHCP clients that do not request dynamic updates (for example, clients running Windows NT 4.0) check box. Answer: D Explanation: Dynamically Update DNS A And PTR Records For DHCP Clients That Do Not Request Updates - This checkbox lets you handle these older clients graciously by making the updates using a separate mechanism. When checking this check box you will ensure that ITCertKeys 18 can resolve FQDNs for all client computers on the network under the given circumstances and the role that ITCertKeys 1 plays. Incorrect answers: A: Dynamically Update DNS A And PTR Records Only If Requested By The DHCP Clients - This radio button (which is on by default) tells the DHCP server to register the update only if the DHCP client asks for DNS registration. When this button is active, DHCP clients that aren't hip to DDNS won't have their DNS records updated. However, Windows 2000, XP, and Server 2003 DHCP clients are smart enough to ask for the updates. B: Always Dynamically Update DNS A And PTR Records - This radio button forces the DHCP server to register any client to which it issues a lease. This setting may add DNS registrations for DHCP-enabled devices that don't really need them, like printer servers; however, it allows other clients (like Mac OS, Windows NT, and Linux machines) to have their DNS information automatically updated. This is not what is required. C: Discard A And PTR Records When Lease Is Deleted - When a DHCP lease expires, what should happen to the DNS registration? Obviously, it would be nice if the DNS record associated with a lease vanished when the lease expired; when this checkbox is checked (as it is by default), that's exactly what happens. If you uncheck this box, your DNS will contain entries for expired leases that are no longer valid; when a particular IP address is reissued on a new lease, the DNS will be updated, but in between leases you'll have incorrect data in your DNS-always something to avoid. Reference: James Chellis, Paul Robichaux and Matthew Sheltz, MCSA/MCSE: Windows Server 2003 Network Infrastructure Implementation, Management, and Maintenance Study Guide, p. 246
|
Question 1. Which two statements are true about initial access to the FirePass Controller? (Choose two.) A. The Admin has limited command line access through a serial terminal using "maintenance" at the console login. B. The Admin has Unix command line access through a serial terminal using root / default as the userid and password. C. The Admin has web configuration access to https://10.10.1.99/admin/ using admin / admin as the userid and password. D. The Admin has web configuration access to https://192.168.1.99/admin/ using admin / admin as the userid and password. E. The Admin has Unix command line access through a keyboard and monitor using root / default as the userid and password. Answer: A, D Question 2. Which two are valid ways to tell whether the Admin is connected to the Primary or a Secondary Node in a cluster of FirePass Controllers? (Choose two.) A. Admin console / Application Access option is present. B. Admin console / Network Access option is present. C. Admin console / Clustering option is present. D. Admin console / Clustering option absent. E. Admin console / Portal Access option is present. Answer: A, E Question 3. What answer contains the correct Source IP Address combination of the Network packet as it traverses the FirePass Server for an established Network Access connection given the following conditions? NAPT - disabled, Client machine IP Address - 216.34.94.17 VPN Pool Address range -104.21.47.0/24 FirePass Interface Addresses – External 110.121.32.10, Internal 205.229.151.10 - The first Source IP Address listed is from client to FirePass, the second is from FirePass to Server. A. 216.34.94.17 -- 205.229.151.10 B. 104.21.47.12 -- 205.229.151.10 C. 104.21.47.12 -- 104.21.47.12 D. 216.34.94.17 -- 104.21.47.12 E. 216.34.94.17 -- 216.34.94.17 F. 205.229.151.10 -- 205.229.151.10 Answer: D Question 4. Which three are valid options for EndPoint security checks? (Choose three.) A. file present B. client network access speed C. client MAC address D. McAfee Antivirus running certain version of Scan Engine E. processes present Answer: A, D, E Question 5. Which five types of connections to application servers can be supported by the FirePass Application Access feature set? (Choose five.) A. email access to Windows Exchange Server B. X-windows access to Windows Server C. Terminal Server access to Windows Terminal Server D. X-windows access to Unix host E. Terminal Server access to Citrix Server F. ssh access to mainframe G. ssh access to Unix host Answer: A, C, D, E, G Question 6. Which two statements are true about Clustering on FirePass? (Choose two.) A. The boxes are synched from Master to Secondary automatically every 10 to 30 seconds. B. The boxes are synched from Master to Secondary manually by an Administrator. C. If using failover pairs, the Standby Secondary boxes get their configuration from their Active failover partner. D. The boxes are synched from Secondary to Master automatically every 10 to 30 seconds. E. The boxes are synched from Secondary to Master manually by an Administrator. F. If using failover pairs, the Standby Secondary boxes get their configuration directly from the Master box. Answer: A, C Question 7. Which two settings can be configured by Group for a Network Access connection? (Choose two.) A. Split Tunneling B. FQDN for attached client machine C. NAPT D. Gateway E. IP Address pool for client source addresses Answer: A, E Question 8. Which two statements are true about the IP Address Pool for Network Access? (Choose two.) A. Only one IP Address pool may be configured on the FirePass Controller. B. The IP Address range for the pool must not include any of the configured FirePass interface addresses. C. The IP Address range for the pool must include one of the configured FirePass interface addresses. D. Different user groups may be configured to use different IP Address pools. E. The IP Address range for the pool must include all of the configured FirePass interface addresses. Answer: B, D Question 9. Which three are valid Terminal Server configurations on FirePass? (Choose three.) A. TN3270 connection for Mainframe B. AppTunnel connection for Windows Terminal Server C. Portal Access (no client download) connection for Citrix Server D. Terminal Server connection for Citrix Metaframe E. Web Application connection for Windows Terminal Server F. Terminal Server connection for VNC Answer: B, D, F Question 10. Which FirePass Admin navigation screen is correct for installing either a Client SSL Certificates or a Client Revocation List? A. Device Management / Maintenance / Security / Certificates B. Device Management / Security / CRL C. Device Management / Install / Certificates D. Device Management / Install / CRL E. Device Management / Maintenance / Security / CRL F. Device Management / Security / Certificates Answer: F Question 11. Which two statements are true concerning FirePass users? (Choose two.) A. FirePass users can be added from a VASCO Server either through an Import or Signup template. B. FirePass Administrators can delete users authenticated by the FirePass internal database. C. FirePass users can be added from a Radius Server either through an Import or Signup template. D. FirePass users can be added from a LDAP Server either through an Import or Signup template. E. FirePass Administrators can delete users from an Active Directory Server from the FirePass Admin console. Answer: B, D
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.