SC0-502 Free Dumps Study Materials
Question 10: Now that you have Certkiller somewhat under control, you are getting ready to go
home for the night. You have made good progress on the network recently, and
things seem to be going smoothly. On your way out, you stop by the CEO's office
and say good night. You are told that you will be meeting in the morning, so try to
get in a few minutes early.
The next morning, you get to the office 20 minutes earlier than normal, and the
CEO stops by your office, "Thanks for coming in a bit early. No problem really, I
just wanted to discuss with you a current need we have with the network."
"OK, go right ahead." You know the network pretty well by now, and are ready for
whatever is thrown your way.
"We are hiring 5 new salespeople, and they will all be working from home or on the
road. I want to be sure that the network stays safe, and that they can get access no
matter where they are."
"Not a problem," you reply. "I'll get the plan for this done right away."
"Thanks a lot, if you have any questions for me, just let me know."
You are relieved that there was not a major problem and do some background work
for integrating the new remote users. After talking with the CEO more, you find out
that the users will be working from there home nearly all the time, with very little
access from on the road locations.
The remote users are all using Windows 2000 Professional, and will be part of the
domain. The CEO has purchased all the remote users brand new Compaq laptops,
just like the one used in the CEO's office, and which the CEO takes home each
night; complete with DVD\CD-burner drives, built-in WNICs, 17" LCD widescreen
displays, oversized hard drives, a gig of memory, and fast processing. 'I wish I was
on the road to get one of those,' you think.
You start planning and decide that you will implement a new VPN Server next to
the Web and FTP Server. You are going to assign the remote users IP Addresses:
10.10.60.100~10.10.60.105, and will configure the systems to run Windows 2000
Professional.
Based on this information, and your knowledge of the Certkiller network up to this
point, choose the best solution for the secure remote user needs:}
A. You begin with configuring the VPN server, which is running Windows 2000 Server.
You create five new accounts on that system, granting each of them the Allow Virtual
Private Connections right in Active Directory Users and Computers. You then configure
the range of IP Addresses to provide to the clients as: 10.10.60.100 through 10.10.60.105.
Next, you configure five IPSec Tunnel endpoints on the server, each to use L2TP as the
protocol.
Then, you configure the clients. On each system, you configure a shortcut on the desktop
to use to connect to the VPN. The shortcut is configured to create an L2TP IPSec tunnel
to the VPN server. The connection itself is configured to exchange keys with the user's
ISP to create a tunnel between the user's ISP endpoint and the Certkiller VPN Server.
B. To start the project, you first work on the laptops you have been given. On each
laptop, you configure the system to make a single Internet connection to the user's ISP.
Next, you configure a shortcut on the desktop for the VPN connection. You design the
connection to use L2TP, with port filtering on outbound UDP 500 and UDP 1701. When
a user double-clicks the desktop icon you have it configured to make an automatic tunnel
to the VPN server.
On the VPN server, you configure the system to use L2TP with port filtering on inbound
UDP 500 and UDP 1701. You create a static pool of assigned IP Address reservations for
the five remote clients. You configure automatic redirection on the VPN server in the
routing and remote access MMC, so once the client has connected to the VPN server, he
or she will automatically be redirected to the inside network, with all resources available
in his or her Network Neighborhood.
C. You configure the VPN clients first, by installing the VPN High Encryption Service
Pack. With this installed, you configure the clients to use RSA, with 1024-bit keys. You
configure a shortcut on the desktop that automatically uses the private\public key pair to
communicate with the VPN Server, regardless of where the user is locally connected.
On the VPN Server, you also install the VPN High Encryption Service Pack, and
configure 1024-bit RSA encryption. You create five new user accounts, and grant them
all remote access rights, using Active Directory Sites and Services. You configure the
VPN service to send the server's public key to the remote users upon the request to
configure the tunnel. Once the request is made, the VPN server will build the tunnel,
from the server side, to the client.
D. You decide to start the configuration on the VPN clients. You create a shortcut on the
desktop to connect to the VPN Server. Your design is such that the user will simply
double-click the shortcut and the client will make the VPN connection to the server,
using PPTP. You do not configure any filters on the VPN client systems.
On the VPN Server, you first configure routing and remote access for the new accounts
and allow them to have Dial-In access. You then configure a static IP Address pool for
the five remote users. Next, you configure the remote access policy to grant remote
access, and you implement the following PPTP filtering:
¨´Inbound Protocol 47 (GRE) allowed
¨´Inbound TCP source port 0, detination port 1723 allowed
¨´Inbound TCP source port 520, destination port 520 allowed
¨´Outbound Protocol 47 (GRE) allowed
¨´Outbound TCP source port 1723, destination port 0 allowed
¨´Outbound TCP source port 520, destination port 520 allowed
E. You choose to configure the VPN server first, by installing the VPN High Encryption
Service Pack and the HISECVPN.INF built-in security template through the Security
Configuration and Analysis Snap-In. Once the Service pack and template are installed,
you configure five user accounts and a static pool of IP Addresses for each account.
You then configure the PPTP service on the VPN server, without using inbound or
outbound filters - due to the protection of the Service Pack. You grant each user the right
to dial into the server remotely, and move on to the laptops.
On each laptop, you install the VPN High Encryption Service Pack, to bring the security
level of the laptops up to the same level as the VPN server. You then configure a shortcut
on each desktop that controls the direct transport VPN connection from the client to the
server.
Correct Answer: D
