Configure all the clients as Web proxy clients,and the users requiring access to the Winsockapplication, install the firewall client.. Configure all the clients as Web proxy clients,and
Trang 134 You are administering an ISA Server array, andwant to create a site and content rule to allowusers to gain access to a Web site When youattempt to create this rule, the option to allowaccess is not available, you can only deny access.
What is causing this problem?
A You must be a member of the EnterpriseAdmins group to configure this rule
B There is already a rule to allow access to theWeb site configured
C There is an Enterprise policy defined for thisarray
D Array policies are only defined to deny access,not allow access
35 As the network administrator for your tion, you are in the process of installing ISAServer You have selected the Integrated installa-tion mode, because you want to have the ISAServer perform forward caching When the instal-lation program presents you with the interface tospecify the initial cache size, there are no driveslisted in the drive selection box What is thecause of this problem?
organiza-A There is insufficient drive space available forcaching
B There is only one volume on the hard drive
The cache must be on a separate volume thanthe operating system
C There are no NTFS volumes on the system
D Caching is not available in Integrated mode
36 Your company has established a joint venturewith another company, and some of youremployees will be working at the partner compa-ny’s location These users will need to connect toyour company’s intranet site from the remotelocation The partner company uses a third-party
proxy server product Which authenticationmethod should you use to provide secure access
to your intranet from the partner company’s tion?
loca-A Basic Authentication
B Digest Authentication
C Integrated Windows Authentication
D Client Certificate Authentication
37 Your company has a secure intranet site that youwould like to make available over the publicInternet The Web server runs Microsoft InternetInformation Server v5, and is accessible on theprivate network The Web server is configured touse Integrated Windows Authentication Whenusers access the Web server on the private net-work, they authenticate normally by enteringtheir ID and password When users attempt toaccess the server from across the Internet, they areforced to enter their ID and password twice.Which of the following explains why this is happening?
A This is normal Windows NT Challenge/Response authentication behavior
B Because the ISA Server and the IIS server areusing two different authentication methods
C The ISA Server must always authenticate auser to a Windows domain before passing therequest to the Web server
D Because the ISA listener is configured torequire authentication This authentication is
in addition to any authentication performed
by the Web server
38 You have been asked by the network tor for some assistance The administrator wouldlike to determine if the current ISA Server config-uration and hardware is providing acceptable
Trang 2administra-Winsock-based application to only the three usersthat require it?
A Configure all the clients as Web proxy clients
B Configure all the clients as SecureNATclients
C Configure all the clients as firewall clients
D Configure all the clients as Web proxy clients,and the users requiring access to the Winsockapplication, install the firewall client
E Configure all the clients as Web proxy clients,and the users requiring access to the Winsockapplication, install the SecureNAT client
41 The manager of a real-estate office calls you with
a problem The local telephone company hasinstalled a DSL line into the office to provideInternet access to the agents The office has aWindows 2000 Server that they use for file andprint sharing The manager tells you that one ofher agents has the responsibility of creating andmanaging their Web page Her problem is thatseveral of the other agents are using this Internetconnection to download pictures, MP3 files, andother unnecessary files She would like to permitonly the one agent the capability to FTP files toand from the Internet, and all other users thecapability to only use the connection for Webbrowsing Which of the following methods wouldyou use to provide this security to this company?
A Web proxy client
B SecureNAT client
C Firewall client
D Winsock proxy client
42 The network administrator of the company thatyou work for has asked to you handle the config-uration of the end-user computers for him Heinforms you that the company has installed and
performance for servicing user requests to Webpages on the Internet You would like to verifythat the company’s connection to the Internet isutilized as efficiently as possible Which of thefollowing Performance Monitor object would youselect to evaluate this information?
A ISA Server Bandwidth Control
B ISA Server Cache
C ISA Server Firewall Service
D ISA Server Packet Filter
E ISA Server Web Proxy Service
39 Your company has recently created its public Website, and has also configured a DNS server tohandle name resolution for Internet clients
Because the DNS server has a network interfacefor both the Internet and the internal network,you have decided to install ISA Server on thecomputer running DNS You need to configure apacket filter to allow the DNS service to continue
to respond to DNS queries from the Internet
Which of the following port numbers should youallow access to from the Internet? (Select twoanswers.)
Which of the following will allow access to the
Trang 3configured a new ISA Server, and he asks you toconfigure all of the end user computers to beWeb proxy clients The company has 200Windows 98 computers, 10 Windows NT 4.0computers, and 75 Windows 2000 Professionalcomputers You have also installed MicrosoftInternet Explorer 5.0 on all computers Howwould you configure each of the computers to beWeb proxy clients?
A Open the TCP/IP properties, and set theDefault Gateway to the IP address of the ISAServer
B Open the Properties page of InternetExplorer, place a check mark in the Use aProxy Server box, and specify the IP addressand port numbers for the ISA Server
C From each computer, connect to the
\MSPClnt share of the ISA Server, and runSetup.exe
D At each of your routers, create a static route
of 0.0.0.0, and set the gateway address of theroute to the IP address of the ISA Server
43 The Information Systems manager of your pany has requested that you assist her with a pro-ject Your company has a mail server that is usedfor internal email only She would like to makethe mail server accessible over the Internet, sousers can access their mailboxes from other loca-tions, and customers can send email directly toyour employees She requires that the mail server
com-be secure, as it also is used for file and print vices She would also like to have content filteringapplied to all incoming email What is the sim-plest method of making this server available?
ser-A Publish the server using the Mail ServerSecurity Wizard The default options are SSLauthentication and the application of contentfilters on incoming email
B Publish the server using the Mail ServerSecurity Wizard Select the option use SSLauthentication and the application of contentfilters on incoming email
C Publish the server using the Mail ServerSecurity Wizard Configure the ISA Server touse IPSec to connect to the mail server, andcreate a content filter rule for incoming email
D Publish the server using the Mail ServerSecurity Wizard Configure the ISA Server touse IPSec for client connections over theInternet, which will secure communications.Create a content filter rule for incomingemail
44 You have been hired to assist a small turing company provide Internet access to itsemployees The company has 45 computers run-ning Windows 98 and 20 computers runningWindows 2000 Professional The company alsohas four Windows 2000 Server computers, one is
manufac-a dommanufac-ain controller only, manufac-and one is manufac-a dommanufac-aincontroller and also hosts the users home directo-ries Another server runs Exchange 2000, and thefourth server hosts the company’s Web site Youhave decided to install ISA Server on the Webserver Which of the following Security Levelsshould you select for this scenario?
A Secure
B Limited Services
C Dedicated
D Integrated
45 As the network administrator for a small
comput-er consulting firm, sevcomput-eral of the employees arerequesting access to the internal network fromcustomer locations You have decided to use ISA Server’s Virtual Private Networking feature
to accomplish this The consultants in your
Trang 4site, the Web administrator has changed to theport number used to connect to the site to
27443 All three Web sites are published to theISA Server Employees at remote locations areunable to connect to the employee’s only site.What must be done to correct this problem?
A You must change the employees’ site back tothe default TCP port for HTTPS
B On the Web Publishing Rules Propertiespage, set the Use This Port For RedirectingHTTP Requests box to 27443
C On the Web Publishing Rules Propertiespage, set the Use This port For RedirectingSSL Requests box to 27443
D On the Web Publishing Rules Propertiespage, set the Use This Port For RedirectingFTP Requests box to 27443
48 As the network administrator for a large
compa-ny, you have been assigned the task of creatingthe ISA Server structure Your company has8,000 users, who are roughly divided equallyacross the domain root and three child domains.All the users work at your company’s office com-plex, in which all the buildings are connected viaT1 lines in a single site After doing your perfor-mance evaluation, you determine that you willcreate an array of four ISA Server computers tosupport all of the users Which of the belowguidelines should you follow to correctly createthe ISA Server array? (Select two answers.)
A Have one of the ISA Servers in each of the domains
B All members of the array are required to bemembers of the forest root domain
C All members of the array are required to bemembers of the same domain
D Use the installation mode for a particular
company have laptop computers, some runningWindows 2000 Professional, some are runningWindows 98 Which of VPN Protocol selectionswould you choose to provide the most securemethod for your remote users to connect to yourinternal network?
A Use L2TP over IPSec, if available; otherwiseuse PPTP
B Use L2TP over IPSec
C Use PPTP
D Use IPSec
46 You are a member of a team that has beenassigned the role of installing and configuringyour company’s ISA Server deployment Yourteam has been asked to present a demonstration
of some of ISA Server capabilities to the tives You have been asked to print some of thereports available in ISA Server After installingISA Server with the default options, you attempt
execu-to create some reports, but are unable execu-to do so
What is most likely the cause of this problem?
A There are no log files available for the reportsyou are trying to print
B The default installation of ISA Server doesnot include a reporting module
C You must be a member of the ISAadmingroup to print reports
D You have installed ISA Server as a standaloneserver Only arrays provide the option ofprinting reports
47 You work for a software-development company
The company has a public Web site, as well as asecure Web site for existing customers Both thepublic and secure sites use the default TCP portnumbers Your company also has a secure site foremployees only To protect the employees-only
Trang 5E Use the same installation mode for all bers of the array.
mem-F You can only install array members usingIntegrated mode
49 As the security administrator for your company,you want to ensure that the ISA Server neverresponds to any outside connection attempts thatuse the telnet protocol You have installed the tel-net service on the ISA Server so you can doremote administration from inside the network
Which port number should you create an IPpacket filter for to prevent an outside user to telnet into your ISA Server?
All the users have Microsoft Internet Explorer5.0 You have already created the permissions forthe appropriate groups, and allowed access to theprotocols required by the application You havenotified the HR manager that all that is left to do
is to deploy the firewall client Which of the lowing could be used to deploy the firewall clientsoftware to the HR department’s users? (Selecttwo answers.)
fol-A Have the users connect to the ISA Server’s
\MSPCLNT share, and run setup.exe
B Have the users connect to the ISA Server’s
\PRXYCLNT share and run setup.exe
C Have the users open the URL to a Web serverthat you have copied the default.htm and
setup.bat files from the ISA Server’s
\WEBINST folder, and select the link “ISACLIENT SOFTWARE.”
D Create an installation disk set, and have the
HR manager install the software manually
E Have the users open the URL to a Web serverthat you have copied the default.htm andsetup.bat files from the ISA Server’s
\WEBINST folder, save the file setup.bat totheir hard drive, and run it from the savedlocation
51 You have been hired by a firm to assist them withthe installation and configuration of ISA Server.The firm is a contractor with the Department ofDefense, and must provide information to theDoD for auditing purposes To ensure that thecorrect information is available in the Securityreports, which of the following logs and sum-maries must be available to print the reports.(Select three answers.)
A Web Proxy logs
B Firewall Service logs
C Application Filter logs
D SecureNAT logs
E Bandwidth logs
F Site and Content logs
G Packet Filter logs
52 Your company created a private Web site for itscustomers to obtain billing and shipping infor-mation You are using an ISA Server as the firewall from the Internet Because sensitive information is to be passed back to the customer,you would like to secure communicationsbetween the Internet client, and your ISA Server.Which of the features of ISA Server provides thisfunction?
Trang 6B A PTR record for the CEO’s computer IPaddress.
C A SRV record for the Q931 service at theH.323 Gatekeeper’s IP address
D A SRV record for the H323 service at theH.323 Gatekeeper’s IP address
E A MX record for the email server The emailserver will locate the user
55 You have just installed Microsoft ISA Server foryour organization Other members of theInformation Systems department, including your-self, test the ISA Server from your computers,which are on the same subnet as the ISA Server,and connect to external Web sites with no prob-lem When you attempt to connect to theInternet from other users computers on differentsubnets, you are unable to connect to theInternet Where would you begin troubleshootingyour ISA installation?
A Be sure that users have permissions to communicate with the ISA Server
B The Local Address Table
C The ISA Server’s internal routing table
D The ISA Server’s host name and IP address
56 You completed a default installation of ISAServer You have determined that you would like
to apply the Limited Services security level to theserver When you run the ISA Server SecurityConfiguration Wizard, and select the LimitedServices option, you receive an error message thatthe process failed Which of the following is thereason this is occurring?
A You do not have ISA Admin permissions
B You have installed ISA on a domain controller
A IPSec
B L2TP
C SSL Bridging
D SSL
53 Your company has recently upgraded its network
to a Windows 2000 domain, RIPCO.COM Theorganization has maintained a public Web site forseveral months, and your Internet ServiceProvider (ISP) hosts this site You have justinstalled an ISA Server, and configured your user’scomputers Web browsers with the IP address ofthe ISA Server, and the correct port number forHTTP Users can connect to Web sites with noproblems You have also recently created anintranet site that hosts an application that youremployees use for billing and Human Recoursepurposes You now find that users cannot connect
to the intranet site What would be the simplestmethod for resolving this problem?
A Install the firewall client on each computer
B Configure the ISA Server to ignore theserequests
C Publish the intranet server in the ISA Server
D Configure the client computer browsers toBypass Proxy Server for Local Addresses
54 The CEO of your company wants to useMicrosoft NetMeeting to conference with execu-tives of other companies You have created theH.323 Gatekeeper and H.323 filter to allowincoming calls You must also create a record inDNS so the address of the CEO’s computer can
be found How should the DNS record be figured so users can contact the CEO viaNetMeeting?
con-A An A record for the CEO’s computer IPaddress
Trang 7C You must stop the ISA Server service tochange security level.
D The template files are not in the
systemroot\security\templates folder.
57 You created a secure intranet Web site for youremployees They will be managing theirtimesheets, tracking vacation days, and viewinginformation about your company’s projects Youhave secured this Web site by using IntegratedWindows Authentication One of your employeescalls, indicating that he cannot connect to theWeb site from your internal network Which ofthe following is a reason why this user cannotconnect to the intranet site?
A He is using Internet Explorer 3.0
B His password to the intranet site is differentthan his domain password
C He is on a computer running Windows 98
D He is using the Netscape Web browser
58 The CEO of your firm is concerned about virusesattached to email messages infecting your system
He is especially concerned about Vbscript ments He has asked you if there is anyway toprevent these types of files from entering the net-work via email How would you go about pre-venting Visual Basic script attachments from get-ting to your email server using ISA Server?
attach-A Create a protocol filter denying access to TCPport 25
B Create a site and content rule, and deny vbsfile types
C Configure the SMTP filter under ApplicationFilters, and select the option to Disallow anSMTP command
D Configure the SMTP filter under ApplicationFilters On the Attachments tab, add the Mail
Attachment Rule, and select AttachmentExtension
E Configure the SMTP filter under ApplicationFilters On the Attachments tab, add the MailAttachment Rule, and select AttachmentName
59 The Information Systems Manager of your pany has asked you to be part of the NetworkCapacity team The responsibility of this team is
com-to monicom-tor activity on the company’s network,and to make recommendations to improve per-formance You have been asked to monitor andreport on Internet activity The team leader hasasked that you give her a report showing whichmembers of the company utilize the Internet themost, and which Web browsers they are using.Which of the following ISA reports would youprint to provide this information to the teamlead?
A Summary Reports
B Web Usage Reports
C Application Usage Reports
D Traffic and Utilization Reports
E Security Reports
60 The network administrator has asked for yourassistance with a problem Several of the users onthe network are downloading MP3 files from theInternet and storing them in their home directo-ries on one of the servers She would like to pre-vent users from downloading MP3 files from theInternet Which of the following is the correctmethod for preventing users from downloadingMP3 files?
A Create a Destination set for mp3.* and denyaccess to all users
B Create a Protocol definition for mp3, anddeny access to all users
Trang 8computers, and 10 Windows NT 4.0Workstation computers The company has threeWindows NT 4.0 server computers, two acting asfile and print servers, and one acting as a domaincontroller The administrator would like to pro-vide access only for Web browsing How wouldyou configure the users computers to meet theserequirements?
A Web proxy clients
B SecureNAT clients
C Firewall clients
D Winsock proxy clients
64 You have been hired to consult for a large facturing company on its ISA Server implementa-tion The organization has 6,000 computers run-ning a variety of operating systems The projectlead for the company informs you that they will
manu-be required to use the firewall client, as they need
to provide Internet access based on user cation He asks you to provide him with a list ofoperating systems on which the firewall client can
identifi-be installed Which of the following operatingsystems support the firewall client? (Select all thatapply.)
A Windows Millennium Edition
B Windows for Workgroups 3.11
software-publish-of a Frame Relay Private Virtual Circuit The ISmanager would like to log information from all
of the organizations ISA Servers to a single tion Which of the following formats would youselect in this situation?
A Pentium II 300Mhz with 128MB RAM
B Pentium II 300Mhz with 256MB RAM
C Pentium III 55Mhz with 128MB RAM
D Pentium III 550Mhz with 256MB RAM
63 The network administrator of a small turing company has asked you to assist him inproviding Internet access to the 50 users in hiscompany The organization has 40 Windows 98
Trang 9manufac-65 You have agreed to act as a security consultant for
a small publishing company The company wants
to provide Internet access to their internal users
They have a Windows 2000 native modedomain, email that is hosted by their InternetService Provider, and three Windows 2000 mem-ber servers The organization consists of 10 PCsrunning Windows 2000 Professional, and 16 PCsrunning Windows 98 The president of the com-pany wants to determine if she should purchasethe Enterprise Edition or Standard Edition ofMicrosoft ISA Server Which of the following fea-tures are available in the Enterprise edition, and
not available in the Standard edition? (Choose
pub-2 B, C. With the Web proxy service logs and wall service logs available, you would be able toprint traffic and utilization reports to determineareas where bandwidth is over- or under-utilized
fire-You could also create a Performance Monitor log,using the ISA Server Bandwidth Control object,
and capture the appropriate counters to view thisinformation With this information, you canmake appropriate modifications to BandwidthRules
3 A. Reverse caching assists in minimizing work traffic on the internal network Once theISA Server has cached the Web page from yourinternal Web server, it will provide this content tosubsequent external requests from its cache, with-out generating any traffic on the internal net-work Forward caching refers to internal clientsobtaining content from the external network, theInternet
net-4 A. Because the Enterprise Initialization Utilitymakes modifications to the Schema, you will onlywant to run this utility when network perfor-mance will be least affected The utility contactsthe domain controller that holds the SchemaMaster role, and makes the modifications Thesemodifications must then be replicated out to alldomain controllers in the forest
5 A. Events must be enabled on the ISA Server toallow alerts to function To enable Events, expandthe server or array name, and then expandMonitoring Configuration Open the Alerts fold-
er, and double-click the alert you want to use.Placing a check mark in the Enable box activatesthe alert
6 C. The array policies would need to be fined When an enterprise policy is applied to anexisting array, the array policies are deleted
rede-7 E. An ISA Server in firewall mode can be figured to use Virtual Private Networking Thesales staff at remote locations can then securelyconnect to the internal network, and accessresources as if they were in the office
con-8 C. Windows 2000 Service Pack 1 is alsorequired to install ISA Server Because you
Trang 10then be able to promote the standalone server to
a member of the array
14 D. To configure an array to chain up to anotherarray, open the ISA MMC snap-in Under theArray option, select Network Configuration Youwill then have an option to Configure FirewallChaining From this interface, you can configurethe array to forward request to
15 C. A feature of ISA Server is the capability tosave reports as Web (HTML) pages The admin-istrators would then have the capability to pub-lish their reports to the intranet server, wheretheir Web browser can then view them easily.Assuming the intranet server is also connected tothe Internet, the administrators would then beable to view this information from any location
16 A. Use L2TP over IPSec, if available; otherwiseuse PPTP Because some of the computers are notusing Windows 2000, you will still be required tosupport PPTP The Windows 2000 computerswill negotiate the use of L2TP with the VPNserver, which will provide you with the highestlevel of security You would be able to modify thissetting to Use L2TP over IPSec, and eliminatethe need for PPTP after all the remote computershave been upgraded to Windows 2000
17 B The computers at the remote clinics will
require the firewall client to access this tion You may be required to do some additionalconfiguration to allow access to the application,depending on the port that is being used TheWeb proxy client and SecureNAT client will onlyallow access to the HTTP and FTP protocols
applica-18 D. Based on the information in the question, D
is the correct option Because you are required toset priorities for specific groups, using ClientTypes page, where you can specify Any user,group, or computer, or specific users and groups,
installed Windows 2000 with the default options,Internet Information Server is already installed
DNS and WINS are not required options on thecomputer running ISA Server
9 B, D. Because the internal and ISP’s DNSservers are authoritative for the DNS namespace
of MYCO.COM, you will need to manuallyupdate the internal DNS server with the IPaddress of the company’s Web server You shouldalso verify the DNS queries are allowed to passthrough the ISA Server to the Internet for nameresolution of external domain names
10 A. Because EXTARRAY is connected to theInternet and the perimeter network, the onlyaddress range that should be in its Local AddressTable is the perimeter network address range Thearray that is connected to the perimeter networkand the private network will have the private net-work ranges in its Local Address Table
11 D. Based on the fact that the hostname can beresolved via ping, but not via the ISA Server, theLocal Domain Table would be the place to start
Because the site you are trying to connect to isinternal only, it must be resolved by your internalDNS If the ISA Server does not have the domainname in the Local Domain Table, it will attempt
to resolve the name via external DNS
12 B. By enabling routing and packet filteringbetween the corporate network interface and theperimeter network resources, you are allowingyour users direct access to the resources
Publishing servers to the Internet through theISA Server will prevent external users from direct-
ly connecting to the servers, and protect theinternal structure of the servers from Internetusers
13 C. You would first need to join the computer tothe domain that contains the array You would
Trang 11or specific computers Destination sets allow you
to specify certain network addresses, or all work addresses Content Groups are used to spec-ify types of content by file extension
net-19 B. When establishing a VPN, on the Two-WayCommunications page of the VPN Setup Wizard,you can specify that the local and remote, just thelocal or just the remote network can initiate aconnection
20 C. When the Security Level of Limit Services isselected on an ISA Server installed on a memberserver, the Securews.inf template is used
Securedc.inf is used if the ISA is installed on aWindows 2000 domain controller
21 C. 400 megabytes would be the recommendedcache size for this organization Microsoft recom-mends 100MB, plus 0.5MB for each Web proxyclient
22 B. The SecureNAT client provides support forpublishing Web servers on your private network
to the Internet The Web proxy service is onlyused for Internet access from your internalclients The Firewall Service prevents access toyour internal network from the Internet TheWinsock client allows clients on you local net-work access to socket-based applications on theInternet
23 C. Enabling the DNS intrusion event on theDNS server is the best answer here This willnotify you if a user from the Internet attempts aDNS attack A common method for hackers togain access to resources on your internal network
is to perform a zone transfer from your DNSserver This will provide the hacker with a list ofcomputer names and IP addresses DNS intru-sion will look for these types of attacks Packet fil-tering on the internal or external interface anddropping all DNS requests would not work inthis case, because your DNS server must resolve
your Internet exposed resources; Internet usersmust be able to query your DNS server to deter-mine the IP address of your Web server If noDNS traffic were allowed in, users would not beable to connect to your Web server by its hostname
24 A, D. You have two possible options Becauseboth HTTP and FTP access is required, you need
to configure the end-user computers to beSecureNAT clients, which is accomplished bymaking the ISA Server the gateway to theInternet This can be done by manually by simplyadding the ISA Server’s IP address as the defaultgateway, or by making the computers DHCPclients, and providing the default gateway as part
of the DHCP options By making the ISA Serverthe proxy server, the users would not be able toaccess FTP sites, only HTTP
25 A. You can redirect users that have attempted toaccess a restricted site to a Web page You canthen create a Web page to inform users of theiractions
26 A, C. The most common method of providingstandard Internet access to users is to createProtocol rules only allowing specific protocols Allother protocols will be denied If your rules allowall protocols, you could also create an explicitdenial of specific protocols You would not have
to do both Because multiplayer games are based, and the ports used to play the games arespecified by the developer, there are no specificports for games content
socket-27 B, C. Microsoft Proxy 2.0 supports Webrequests to port 80, while Microsoft ISA Serversupports these requests on port 8080 You willeither need to modify each of the client browsers
to send HTTP requests to port 8080, or modifythe ISA Server configuration to use port 80 forHTTP requests
Trang 1234 C. If an Enterprise policy is applied to an array,you will only be able to create site and contentrules that deny access to Web sites You wouldhave to create this rule in the Enterprise policy, orremove the Enterprise policy from the array tocreate this site and content rule.
35 C. Caching can only be directed to an NTFSvolume While caching may be directed to a dif-ferent volume or physical hard disk, it is notrequired
36 B. Digest Authentication is the correct choice
By creating a hash of the user’s password, the user
ID and password remain secure Basic tion does not protect a users password, andIntegrated Windows authentication uses Kerberosv5 to authenticate users Because the partnercompany is using a third-party proxy, DigestAuthentication will secure the password, but notrequire Microsoft specific authentication
authentica-37 D. When a listener is configured to requestauthentication, this is in addition to any otherauthentication required by the resource To avoidthis, configure the listener not to require authen-tication
38 B. Monitor the ISA Server cache One of themost effective ways of effectively utilizing yourInternet connection is to provide Web requestsfrom the ISA Servers cache As users on your net-work request Web pages, the ISA Server willcheck its cache, and return the Web objects fromthe cache without having to use its Internet con-nection The more objects return from the cache,the more bandwidth that is available for otherusers The ISA Server Cache object providescounters that will allow you to determine the rate
at which objects are retrieved from cache, andwhen they must be retrieved from the Internet
28 E. The H.323 Gatekeeper Service provides port for videoconferencing over the Internet
sup-29 A, B, E. The ISA Server that is connected tothe Internet should have its Local Address Tableinclude both the IP address ranges from theperimeter network and the corporate network
The ISA Server that is connected to the internalnetwork should have a Local Address Table thatcontains only the IP address ranges from the cor-porate network You should then create theappropriate publishing rules on the ISA Serverthat is connected to the Internet for the servers
on the perimeter network
30 A. The simplest method to verify if a packet ter is functioning properly is to try to establish atelnet session to the port on the ISA Server The
fil-correct syntax for telnet is “Telnet ip_address
port_number” In this case, if telnet was able to
create a session on the ISA Server’s port 2650, thepacket filter is not configured correctly
31.C. Configure a site and content Rule CreatingDestination Set only groups the Web sites for usewith a site and content Rule
32 A, C, D. To run the Enterprise InitializationUtility, you need to be an administrator on thelocal computer You must also be a member ofthe Enterprise Administrator group and theSchema Administrator group Because the EIUmakes modifications to the Schema, you arerequired to be a member of these groups to per-form the schema modifications
33 D. When packet filtering is enabled, all blockedpackets are logged by default No additional con-figuration is required If you want to enable log-ging of allowed packets, you would need toenable logging on the IP Packet Filters propertiestab
Trang 1339 D, F. The DNS service uses TCP and UPDport 53 You would need to configure a packetfilter that allows incoming packets to those twoports to allow the DNS service to respond toDNS queries from the Internet.
40 D. Configure all your clients as Web proxyclients, which will allow all users access to Webpages on the Internet You then need to installconfigure the three users requiring access to theWinsock-based application This will provideaccess to the application only for the appropriateusers based on their user IDs
41 C. Using the firewall client would be the bestoption here This allows the appropriate Internetaccess to the appropriate users based on their user
ID The Web proxy client and SecureNAT clientprovide the same access to all users The firewallclient is the only one of these options that pro-vides Web and FTP access based on the authenti-cated user
42 B. To configure client computers to be Webproxy clients, you would need to configure thebrowser, in this case Microsoft Internet Explorer,
to use the ISA Server IP address This will onlypass HTTP requests to the ISA Server
Configuring the ISA Server address as the puters default gateway creates SecureNAT clients,which will pass both HTTP and FTP requests tothe ISA Server Connecting to the ISA
com-Servers/MSPClnt share and running Setup.exewill install the firewall client The last optionwould be used if you were configuring your com-puters to be SecureNAT clients in a routed net-work
43 B. Once you have started the Mail ServerSecurity Wizard, you will have the option of SSLauthentication and content filtering The defaultsettings are Basic Authentication, with no contentfilters on incoming email
44 A. When installing ISA Server on a computerthat performs other functions, such as a Webserver, Microsoft recommends using the Securelevel Limited Services is suggested for runningISA Server as a combined firewall and cache serv-
er Dedicated is used when the server functionsonly as a dedicated firewall Integrated is not anoption as a Security Level
45 A. Use L2TP over IPSec, otherwise use PPTP.Because Windows 98 clients do not supportL2TP, your VPN server will still need to supportPPTP The VPN server will attempt to negotiateL2TP first If the remote client is unable to useL2TP, then PPTP will be used
46 A. ISA Server requires logs and log summaries
to print reports You must configure ISA Server
to create the required logs and summaries, andthere must be at least one daily entry in the sum-mary to create a report ISA Server creates sum-maries daily at 12:30 A.M
47 C. Because employees connecting to the sitewill be going through the ISA Server, you need toinform the ISA Server what port to redirectrequests to Secure Web sites use SSL, so youneed to change the SSL request box for theemployees-only Web server to 27443
48 C, E. All the array members must be in thesame Windows 2000 domain It is not requiredthat it be the forest root domain, just that thecomputers are members of the same domain.Array members must also use the same installa-tion mode of either Firewall mode, Cache mode,
or Integrated Mode The arrays can be createdusing any of these modes, but all array membersmust use the same mode
49 B. Telnet uses TCP port 23 You would need toconfigure an IP packet filter to block packetsfrom an external source to TCP port 23
Trang 1455 B. In the case of users on the local subnetaccessing the Internet, and users on remote sub-nets not being able to access the Internet, usuallypoints to a problem with the ISA Servers LocalAddress Table Because the ISA Server uses theLAT to determine who is on the internal networkand who is on the external network, and incor-rectly configured LAT can cause this type ofproblem.
56 D. The template files must be located in the
systemroot\security\templates folder for the
Security Configuration Wizard to apply the ting If they are missing, they can be copied fromthe Windows 2000 Server CD
set-57 D. Of the four possible problems, D is the
like-ly choice here Integrated Windows tion uses Kerberos v5 to authenticate a user toActive Directory, so the password to the Web siteand Active Directory would be the same
authentica-Integrated Windows authentication also requiredMicrosoft Internet Explorer 2.0 or later, on anyplatform
58 D. To prevent a specific type of email ment from passing through the ISA Server, selectApplication Filters, in the details pane, right-clickSMTP Filter, and click Properties On theAttachments tab, click Add In the MailAttachment Rule dialog box, select EnableAttachment Rule, then select AttachmentExtension, and type the file extension that youwant to block
attach-59 B. The Web Usage Reports include a set ofreports that display top Web users, commonresponses, and Web browsers This would be thebest selection for this question, as it shows usage
51 A, B, G. When configuring logging, the threetypes of logs that are available are Packet filterlogs, Firewall Service logs and Web Proxy logs
Security reports require that all three of these logsand summaries are available to print reports
52 C. SSL bridging would be required for this nario Secure Socket Layer provides a securetransport between an Internet client and Webserver Because security is not required betweenthe ISA Server and the Web server, setting up anSSL bridge is the best solution
sce-53 D. Configuring the client computers to bypassthe ISA Server for local addresses would be thesimplest method of resolving this issue Becausethe users are connecting to the intranet Server via
a Web browser to use this application, it will passall requests initiated through the browser to theISA Server By placing a check in the browserproperties’ Bypass Proxy Server for LocalAddresses, the clients will connect directly to theserver and not required any additional configura-tion
54 C. A DNS service location record for the Q931service must be placed in the DNS server zone
This will allow name resolution over the Internetfor users to locate the H.323 Gatekeeper for yourorganization
Trang 15including MP3 ISA Server includes ContentType groups for most of the common files types,and it would not be necessary to create a newgroup.
61 B. Using the ODBC format option for logging,you would be able to direct logging informationfrom all of the ISA Servers in the organization to
a single database, such as a Microsoft SQL serverdatabase By default, the W3C and ISA formatsstore the log information in the ISAlogs folder,under the ISA installation folder
62 D. Microsoft’s recommendation for forwardcaching to support between 250 and 2,000 users
is a Pentium III 550Mhz with 256MB RAM Afirewall recommendation is based on throughput,and is dependent on the connection to theInternet
63 A. Because the organization only requires access
to Web browsing, you would configure the clientcomputers as Web proxy clients The users wouldthen have access only to Web browsing, and noother functions The SecureNAT client providesassess to both HTTP and FTP The firewall clientprovides access on a per user basis to any config-ured TCP or UDP port The Winsock proxyclient provides access to sockets-based applica-tions that reside on the Internet
64 A, D, E, F, H, I. The firewall client can only beused on the following operating systems:
Windows Millennium Edition, Windows 95OSR2, Windows 98, Windows NT 4.0, andWindows 2000 Microsoft ISA Server will sup-port other operating systems as Web proxy clients
or SecureNAT clients; only the above operatingsystems can use the firewall client
65 B, E, F. Enterprise Policy, Active DirectoryIntegration, and Distributed Caching are avail-able only in the Enterprise Edition