REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 

Sonya

Jack

 
 

Braindumps of 70-350
Implementing Microsoft Internet
Security and Acceleration
(ISA)
Server 2004

Exam Questions, Answers, Braindumps (70-350)

Thanks to www.4exam.com and www.exams.ws. But there’s no need to have it from both of them, only questions from only one are sufficient I think.

QUESTION 1
You are the network administrator for Abc .com. Abc has a main office and one branch office. The network contains two ISA Server 2004 computers named ISA1 and ISA2. ISA1 is located at the main office. ISA1 is located at the branch office. An IPSec tunnel mode site-to-site VPN connects the main office and branch office networks. ISA1 has three addresses bound to its external network adapter, and ISA2 uses a non-primary IP address to establish the IPSec tunnel mode connection to ISA1. Users at the branch office report that they can connect to file shares at the main office, but they cannot connect to the Microsoft Outlook Web Access Web site. You need to ensure that users at the branch office can access the Outlook Web Access Web site. What should you do?
A. Use a network address translation (NAT) relationship between the branch office network and the main office network.
B. Add IP addresses to the external network adapter of ISA2.
C. Change the Phase II IPsec configuration on both ISA1 and ISA2 to use Message Digest 5 (MD5) as its integrity algorithm.
D. Create a new protocol definition for TCP port 80 outbound and use the definition in the access rule.
Answer: D
QUESTION 2
You are the network administrator for Abc .com. The network contains an ISA Server 2004 computer named IS1, which is configured as a remote access VPN server. You configure ISA1 to accept both PPTP and L2TP over IPSec VPN connections from remote access clients. Several users report that they cannot connect to the network. You review the log files on ISA1 and discover that the users with failed connection attempts are all using L2TP over IPSec. You need to ensure that the users can connect to the network. What should you do?
A. Disable IP fragment blocking.
B. Disable IP routing.
C. Disable IP options filtering
D. Disable verification of incoming client certificates.
Answer: A
QUESTION 3
You are the network administrator for Abc .com. The network contains an ISA Server 2004 computer named ISA1. You enable VPN Quarantine Control on ISA1. You create a Connection Manager (CM) profile and install it on VPN client computers. The CM profile contains a script named quarantine.vbs that performs several tests on VPN client computers to ensure conformance with Abc policy. If a computer passes the tests, the script executes the following command:
RQC %1 %2 %3 %4 SV1.
The variables in the command represent the parameters inherited from the CM profile. The parameters are shown in the following table.
Variable Parameter
%1 %DialRasEntry%
%2 %TunnelRasEntry%
%3 %Domain%
%4 %UserName%
Users report that after they establish a VPN connection with ISA1, they receive a message stating that their computer has been placed in quarantine mode. The VPN connection is terminated, and they are prompted to reconnect. You verify that the client computer configurations conform to Abc policies and pas the tests on the quarantine.vbs script. The System log displays a large number of instance of the following warning message: "A remote access client at IP address w.x.y.z connected by Abc \username has been rejected because it presented the following unrecognized quarantine string: SV1"
You need to ensure that VPN client computers can be moved out of the Quarantined VPN Clients network when the quarantine.vbs script executes successfully. What should you do?
A. Create a new CM profile by using the Connection Manager Administration Kit (CMAK). Append the text string "SV1" to the lost of parameters for the custom action.
B. Edit the quarantine.vbs scipt so that it used the following command: RQC %DialRasEntry% %TunnelRasEntry% 7250 %Domain% %UserName%
C. On ISA1, configure the AllowedSets values for the RQS service by including the text string "SV1".
D. Use the Connection Manager Administration Kit (CMAK) to change the post-connect action to Rqc.exe.
Answer: C
QUESTION 4
You are the network administrator for Abc .com. Abc has a main office and one branch office. The main office has one ISA Server 2004 computer named ISA1, which runs Windows Server 2003. The branch office has one ISA Server 2004 computer named ISA2, which runs Windows 2000 Server. You create a site-to-site VPN connection between ISA1 and ISA2. You configure IPSec tunnel mode for the site-to-site connection. When you test the site-to-site site VPN connection, the connection attempt fails. You need to enable the IPSec tunnel mode site-to-site VPN connection between the main office and the branch office. What should you do?
A. Install the IPSecPol tool on ISA1.
B. Install the IPSecPol tool on ISA2.
C. Configure a custom IPSec policy on ISA1.
D. Configure a custom IPSec policy on ISA2.
Answer: B
QUESTION 5
You are the network administrator for Abc .com. Abc has a main office and is adding a branch office. You are connecting the main office and branch office networks. You install ISA Server 2004 on a computer at each office, and you create a site-to-site VPN connection between the ISA Server computers. You create remote site networks on the ISA Server computers at both offices. You choose the L2TP over IPSec VPN protocol. You want to use a preshared key for the IPSec authentication. You open the Routing and Remote Access console and enter the preshared key in the Properties dialog box for the Routing and Remote Access server. The site-to-site L2TP over IPsec connection is successful. You then restart the ISA Server computers and discover that the site-to-site connection fails. You need to ensure that the L2TP over IPSec site-to-site VPN connections continue to function properly after the ISA Server computers are restarted. What should you do?
A. Re-enter the preshared keys on the ISA Server computers at both offices. Chang the preshared keys so that they include mixed-case letters, numbers, and symbols.
B. Remove all certificates for the ISA Server computers at both offices.
C. On the ISA Server computers at both offices, remove the preshared key from the Routing and Remote Access console, and enter the key on the Authentication tab of the Virtual Private Networks (VPN) Properties dialog box.
D. Install user certificates on the ISA Server computers in both offices and enable EAP user authentication for the demand-dial accounts.
Answer: C
QUESTION 6
You are the network administrator for Abc .com. Abc has a main office and is adding a branch office. The main office and the new branch each have an ISA Server 2004 computer. You want to connect the main office and the branch office networks by using a site-to-site VPN. You create a site-to-site VPN connection that connects the office networks by using the L2TP over IPSec VPN protocol. Computer certificates are installed on the ISA Server computer at each office. When you create the remote site network on each ISA Server computer, you configure it to use certificates and a preshared key. At each office, the preshared key is configured as the office name on the ISA Server computer at that office. From the ISA Server computer at the main office, you repeatedly run the ping command to a host on the branch office network. The site-to-site VPN fails. You open the Routing and Remote Access console and manually dial the demand-dial interface. You receive the following error message: "The last connection attempt failed because: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." You need to enable the site-to-site VPN connection by using the most secure IPSec authentication method possible. What should you do?
A. Restart the ISA Server computer at both offices.
B. Re-enter the preshard keys on the ISA Server computer at both offices. Change the preshared keys so that they include mixed-case letters, numbers, and symbols.
C. Remove the preshared key from the remote site network configuration on the ISA Server computer at both offices.
D. Delete the remote site network on the ISA Server computer at both offices, and re-create the remote site networks with the original parameters.
Answer: C
QUESTION 7
You are the network administrator for Abc .com. The network contains an ISA Server 2004 computer named ISA1. ISA1 functions as a VPN remote access server. Remote access VPN clients use either PPTP or L2TP over IPSec to connect to ISA1. All remote access VPN client computers are configured as both Web Proxy and Firewall clients of ISA1. You create an access rule to allow domain users on the VPN Clients network access to all protocols and Web sites on the Internet. A user named Bob logs on to his portable computer by using a local user account and establishes a VPN connection to ISA1 by using his domain credentials. You discover that Bob cannot connect to the Internal network when the VPN connection to ISA1 is active. You need to ensure that Bob can access the Internet network while maintaining a VPN connection to ISA1. What should you do?
A. Disable the Firewall client before establishing the VPN connection.
B. Disable the Web Proxy configuration before establishing the VPN connection.
C. Create an access rule to allow connections from the VPN Clients network to the Internal network.
D. Remote the authentication requirement on the access rule that allows VPN Clients access to the Internet.
Answer: C
QUESTION 8
You are the network administrator for Abc .com. The network contains an ISA Server 2004 computer named ISA1. ISA1 provides Internet access for all users on Abc 's network. All computers on the network are configured as SecureNAT clients. You create an access rule on ISA1 that allows all users access to all protocols on the External network. You view the Firewall log and the Web Proxy filter log on ISA1 and notice that the URLs of Web sites visited by Abc users are not displayed. You need to ensure that the URLs of Web sites visited by Abc users are displayed in the ISA1 log files. What should you do?
A. Configure all network computers as Web Proxy clients.
B. Configure all network computers as Firewall clients.
C. Configure ISA1 to require authentication for Web requests.
D. Configure ISA1 to require authentication for all protocols.
Answer: A
QUESTION 9
You are the network administrator for Abc .com. The network contains an ISA Server 2004 computer named ISA1. ISA1 is configured to provide forward Web caching for users on the Internet network. During periods of peak usage, users report that it takes longer than usual for Web pages to appear. You suspect that insufficient memory is the source of the slow performance of ISA1. You need to verify whether insufficient memory is the source of the slow performance. Which two System Monitor performance counters should you add? (Each correct answer presents part of the solution. Choose two)
A. Memory\Pages/sec
B. Process(W3Prefch)\Pool Nonpaged Bytes
C. ISA Server Cache\Memory Usage Ratio Percent (%)
D. Physical Disk\Avg. Disk Queue Length
E. ISA Server Cache\Disk Write Rate (writes/sec)
F. Memory\Pool Nonpaged Bytes
Answer: A, C

70-350

 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend