Search

In Stock

TEST BANK 70-297 MCSE GUIDE TO DESIGNING A MICROSOFT WINDOWS SERVER 2003 ACTIVE DIRECTORY AND NETWORK INFRASTRUCTURE 1ST EDITION BY JAY ADAMSON

Instant delivery only

$28.00

Compare
SKU:tb1001368

TEST BANK 70-297 MCSE GUIDE TO DESIGNING A MICROSOFT WINDOWS SERVER 2003 ACTIVE DIRECTORY AND NETWORK INFRASTRUCTURE 1ST EDITION BY JAY ADAMSON

Chapter 6: Remote Access and Address Management

TRUE/FALSE

  1. Whenever Windows Server 2003 is installed as a DC, it automatically becomes a Kerberos Key Distribution Center service.

ANS: T PTS: 1 REF: 394

  1. RIP Version 1 supports classless interdomain routing and variable-length subnet mask implementation.

ANS: F PTS: 1 REF: 398

  1. There is a limit to the number of OUs that can exist within an individual domain.

ANS: F PTS: 1 REF: 410-411

  1. Lease duration affects the amount of time that the DHCP server can be offline before problems arise.

ANS: T PTS: 1 REF: 443

  1. The dial-in permission set on a user account overrides the permission option in the Properties dialog box, except in the case of native-mode administration model, where all user accounts are set to Control Access Through Remote Access Policy.

ANS: T PTS: 1 REF: 413

MODIFIED TRUE/FALSE

  1. Authentication messages are defined in RFC 2800. _________________________

ANS: F, 2865

PTS: 1 REF: 423

  1. All RADIUS messages use UDP for transmission. _________________________

ANS: T PTS: 1 REF: 423

  1. A(n) scope can span up to a single subnet. _________________________

ANS: T PTS: 1 REF: 443

  1. The maximum number of hops for RIP networks is 15 routers. _________________________

ANS: T PTS: 1 REF: 398

  1. The Extensible Authentication Protocol is used to send passwords in open text. _________________________

ANS: F, Password Authentication

PTS: 1 REF: 394

MULTIPLE CHOICE

  1. Which of the following is a standard Internet protocol for authenticating users and systems, and is the primary authentication protocol used by Windows Server 2003?

a.

NTLM

c.

Kerberos Version 5

b.

.NET Passport Authentication

d.

EAP

ANS: C PTS: 1 REF: 393

  1. Which of the following uses a very simple, plain-text authentication protocol?

a.

Kerberos Version 5

c.

NTLM

b.

PAP

d.

EAP

ANS: B PTS: 1 REF: 394

  1. _____ is the process of identifying a user.

a.

Authorization

c.

NTLM

b.

PAP

d.

Authentication

ANS: D PTS: 1 REF: 411

  1. _____ is the process of allowing or denying a user access to a system and the objects on that system based on the user’s identity.

a.

Authorization

c.

Authentication

b.

PAP

d.

NTLM

ANS: C PTS: 1 REF: 411

  1. _____ is the authentication protocol most commonly used by Internet service providers.

a.

NTLM

c.

PAP

b.

RADIUS

d.

KDC

ANS: B PTS: 1 REF: 422

  1. A(n) _____ is a range of possible IP addresses on a network.

a.

session

c.

scope

b.

frame

d.

data link

ANS: C PTS: 1 REF: 443

  1. A(n) _____ is a collection of scopes gathered together into a single administrative grouping.

a.

superscope

c.

interscope

b.

megascope

d.

intrascope

ANS: A PTS: 1 REF: 444

  1. The _____ layer of the OSI model is responsible for the end-to-end integrity of data transmission.

a.

session

c.

transport

b.

application

d.

physical

ANS: C PTS: 1 REF: 390

  1. Which of the following provides both the Authentication Service and Ticket Granting Service that is required in Kerberos authentication?

a.

EAP

c.

MS-CHAP v2

b.

NTLM

d.

KDC

ANS: D PTS: 1 REF: 394

  1. The Key Distribution Center Service account _____ is used to authenticate a DC when it is authenticating users or client computers in other domains.

a.

Kerberos

c.

scope

b.

krbtgt

d.

kdcs

ANS: B PTS: 1 REF: 396

  1. _____ options apply to all clients of the DHCP server. The main use would be for parameters common across all scopes installed on the server.

a.

Server

c.

Client

b.

Scope

d.

Class

ANS: A PTS: 1 REF: 438

  1. A DHCP client will always request a renewal of its lease when _____ percent of the lease time has expired. If it fails to connect to the DHCP server, it will try again when _____ percent of the lease time is up.

a.

30, 50

c.

50, 85.5

b.

40, 75

d.

50, 95.5

ANS: C PTS: 1 REF: 442

  1. One of the main reasons for using superscopes is _____.

a.

You need to remove the DHCP server from the subnet.

b.

The DHCP client cannot contact the DHCP server.

c.

A scope has too many IP addresses.

d.

You need to renumber the IP network and therefore move the clients from one set of addresses to another.

ANS: D PTS: 1 REF: 444

  1. Which of the following protocols enables the use of Active Directory information during the authentication of Internet, intranet, and extranet users?

a.

Kerberos Version 5

c.

NT LAN Manager

b.

.NET Passport Authentication

d.

Extensible Authentication Protocol

ANS: B PTS: 1 REF: 393

  1. There are three levels of OSPF design: _____.

a.

autonomous system design, area design, and network design

b.

subnet design, area design, and network design

c.

subnet design, host design, and network design

d.

autonomous system design, subnet design, and host design

ANS: A PTS: 1 REF: 398

  1. RADIUS uses UDP ports _____.

a.

65 and 92

c.

10 and 21

b.

1812 and 1813

d.

1645 and 1646

ANS: B PTS: 1 REF: 423

YES/NO

  1. Will the definition of an extensive logging and auditing strategy lower the performance of your server on your network?

ANS: Y PTS: 1 REF: 424

  1. Is it necessary for a TCP/IP-based network to use DHCP?

ANS: Y PTS: 1 REF: 430

  1. Is it necessary for DHCP servers running on Windows NT 4.0 to register and be authorized by Active Directory?

ANS: N PTS: 1 REF: 439

  1. Kerberos tickets are maintained in a local cache and are aged. Do they have any value after they have expired?

ANS: N PTS: 1 REF: 395

  1. Can you store remote access policies on the server that hosts the RRAS?

ANS: Y PTS: 1 REF: 410

COMPLETION

  1. The default length of time Kerberos tickets are valid is ____________________ hours.

ANS:

eight

8

PTS: 1 REF: 396

  1. The ____________________ Protocol was designed as an extension to the Point-to-Point Protocol and provides greater extensibility and flexibility in the implementation of authentication methods for the PPP connection.

ANS:

Extensible Authentication

extensible authentication

PTS: 1 REF: 394

  1. You can determine whether your DHCP server has been authorized in Active Directory using the Active Directory ____________________ console.

ANS: Sites and Services

PTS: 1 REF: 439

  1. The default lease time for a Widows Server 2003 server is ____________________ days.

ANS:

eight

8

PTS: 1 REF: 442

  1. A(n) ____________________ attack can be initiated on your computer by a hacker performing a large number of dynamic updates through the DHCP.

ANS:

DoS

denial of service

PTS: 1 REF: 445

MATCHING

Match each item with a statement below.

a.

IP

f.

Permissions

b.

Presentation layer

g.

Internet Authentication Service

c.

MS-CHAP v2

h.

Access-Request

d.

Kerberos Key Distribution Center

i.

Scope

e.

Authorization

  1. Used for network and dial-up authentication.
  1. The dominant routable protocol.
  1. Performed when the client sends the user’s username and password to the server using an authentication protocol.
  1. Can be used to provide encryption and decryption services.
  1. RADIUS authentication message.
  1. Role is to authenticate Kerberos clients.
  1. Used to set aside a range or a pool of consecutive IP addresses that can be distributed to clients.
  1. Uses the data stored on the domain controller to verify authentication requests received through the RADIUS protocol.
  1. Set on a user account and denied by default.
  1. ANS: C PTS: 1 REF: 393
  1. ANS: A PTS: 1 REF: 390
  1. ANS: E PTS: 1 REF: 411
  1. ANS: B PTS: 1 REF: 390
  1. ANS: H PTS: 1 REF: 423
  1. ANS: D PTS: 1 REF: 394
  1. ANS: I PTS: 1 REF: 443
  1. ANS: G PTS: 1 REF: 422
  1. ANS: F PTS: 1 REF: 413

SHORT ANSWER

  1. List five security features of IPSec.

ANS:

The features include:

Authentication using digital signature to identify the sender

Integrity through the use of hash algorithms, ensuring that the data has not been altered

Privacy through encryption that protects the data from being read

Anti-replay, which prevents unauthorized access by an attacker who resends packets

Nonrepudiation through the use of public-key digital signatures that prove the message’s origin

Dynamic rekeying that allows keys to be generated during communication so that the different transmissions are protected with different keys

Key generation using the Diffie-Hillman key agreement algorithm, which allows computers to agree on a key without having to expose it

Key lengths that are configurable to allow for export restrictions or highly sensitive transmissions

PTS: 1 REF: 409-410

  1. For each layer in the OSI model, list the common remote access components.

ANS:

Layer 7 FTP, SMTP, HTTP, RLOGIN, DHCP, BOOTP

Layer 6 Lightweight Presentation Protocol

Layer 5 LDAP, DNS, NetBIOS

Layer 4 TCP, DNS, NetBIOS

Layer 3 IP

Layer 2 CHAP, PPP, PPTP

Layer 1 Analog, ISDN, ADSL, Frame Relay

PTS: 1 REF: 391

  1. List three factors to be considered when designing your DHCP network.

ANS:

Factors to be considered:

Draw yourself a map of your network. Make sure you show each physical and logical subnet and the routers between the various subnets.

If the network uses routers to subnet the network, do the routers support forwarding DHCP broadcasts? Most new routers do, but that option must be turned on.

Sectioning the IP address range between two servers will provide fault tolerance.

Depending on the speed and reliability of your network and the links between your subnets, the routers can be configured to forward DCHP broadcasts (or you could add a DMCP relay agent).

If you are planning to the DHCP server to update DNS records for legacy clients, do not run the DHCP service on a domain controller. Doing so would cerate a security risk.

Remember that the recommendation is that a single DHCP server can provide services for 10,000 or fewer clients and 1000 or fewer scopes; therefore, make sure you size your servers appropriately.

DHCP servers access their disk drives very frequently. Make sure you use either a disk drive with a fast access time or a hardware RAID disk controller.

If you are still using any Windows NT 4 domain controllers, make sure you have them upgraded to Windows Server 2003.

PTS: 1 REF: 430-431

  1. What decisions do you need to make when creating a scope?

ANS:

The decisions include:

The starting and ending addresses of the range you want to use

The subnet mask of the subnet in question

Whether there are clients using static IP addresses within this range that will need to be excluded from the pool

The amount of time the lease duration should be for the IP addresses leased from this scope

The IP configuration information you want to pass to clients, in addition to the IP address and the subnet mask

Whether you need to reserve specific IP addresses for specific clients

PTS: 1 REF: 444

  1. In the administer-access-by-policy model in a Windows 2000 native or Windows Server 2003 domain, there are two alternatives for controlling access. List the two alternatives.

ANS:

Set the remote access permissions on every user account to Control Access through Remote Access Policy.

Determine your remote access permissions by the Remote Access Permission setting on the remote access policy.

PTS: 1 REF: 416

Reviews

There are no reviews yet.

Write a review

Your email address will not be published. Required fields are marked *

Back to Top
Product has been added to your cart