Braindumps of 70-350
Implementing Microsoft Internet Security and Acceleration (ISA) Server 2004
Exam Questions, Answers, Braindumps (70-350)
Thanks to www.4exam.com and www.exams.ws. But there’s
no need to have it from both of them; questions
from only one are sufficient, I think.
QUESTION 1
You are the network administrator for Abc.com. Abc
has a main office and one branch office. The network
contains two ISA Server 2004 computers named ISA1
and ISA2. ISA1 is located at the main office. ISA2
is located at the branch office. An IPSec tunnel mode
site-to-site VPN connects the main office and branch
office networks. ISA1 has three addresses bound to
its external network adapter, and ISA2 uses a non-primary
IP address to establish the IPSec tunnel mode connection
to ISA1. Users at the branch office report that they
can connect to file shares at the main office, but
they cannot connect to the Microsoft Outlook Web Access
Web site. You need to ensure that users at the branch
office can access the Outlook Web Access Web site.
What should you do?
A. Use a network address translation (NAT) relationship
between the branch office network and the main office
network.
B. Add IP addresses to the external network adapter
of ISA2.
C. Change the Phase II IPsec configuration on both
ISA1 and ISA2 to use Message Digest 5 (MD5) as its
integrity algorithm.
D. Create a new protocol definition for TCP port 80
outbound and use the definition in the access rule.
Answer: D
QUESTION 2
You are the network administrator for Abc.com. The
network contains an ISA Server 2004 computer named
ISA1, which is configured as a remote access VPN server.
You configure ISA1 to accept both PPTP and L2TP over
IPSec VPN connections from remote access clients.
Several users report that they cannot connect to the
network. You review the log files on ISA1 and discover
that the users with failed connection attempts are
all using L2TP over IPSec. You need to ensure that
the users can connect to the network. What should
you do?
A. Disable IP fragment blocking.
B. Disable IP routing.
C. Disable IP options filtering.
D. Disable verification of incoming client certificates.
Answer: A
QUESTION 3
You are the network administrator for Abc.com. The
network contains an ISA Server 2004 computer named
ISA1. You enable VPN Quarantine Control on ISA1. You
create a Connection Manager (CM) profile and install
it on VPN client computers. The CM profile contains
a script named quarantine.vbs that performs several
tests on VPN client computers to ensure conformance
with Abc policy. If a computer passes the tests, the
script executes the following command:
RQC %1 %2 %3 %4 SV1.
The variables in the command represent the parameters
inherited from the CM profile. The parameters are
shown in the following table.
Variable Parameter
%1 %DialRasEntry%
%2 %TunnelRasEntry%
%3 %Domain%
%4 %UserName%
Users report that after they establish a VPN connection
with ISA1, they receive a message stating that their
computer has been placed in quarantine mode. The VPN
connection is terminated, and they are prompted to
reconnect. You verify that the client computer configurations
conform to Abc policies and pass the tests in the quarantine.vbs
script. The System log displays a large number of
instances of the following warning message: "A
remote access client at IP address w.x.y.z connected
by Abc \username has been rejected because it presented
the following unrecognized quarantine string: SV1"
You need to ensure that VPN client computers can be
moved out of the Quarantined VPN Clients network when
the quarantine.vbs script executes successfully. What
should you do?
A. Create a new CM profile by using the Connection
Manager Administration Kit (CMAK). Append the text
string "SV1" to the list of parameters for
the custom action.
B. Edit the quarantine.vbs script so that it uses the
following command: RQC %DialRasEntry% %TunnelRasEntry%
7250 %Domain% %UserName%
C. On ISA1, configure the AllowedSets values for the
RQS service by including the text string "SV1".
D. Use the Connection Manager Administration Kit (CMAK)
to change the post-connect action to Rqc.exe.
Answer: C
QUESTION 4
You are the network administrator for Abc.com. Abc
has a main office and one branch office. The main
office has one ISA Server 2004 computer named ISA1,
which runs Windows Server 2003. The branch office
has one ISA Server 2004 computer named ISA2, which
runs Windows 2000 Server. You create a site-to-site
VPN connection between ISA1 and ISA2. You configure
IPSec tunnel mode for the site-to-site connection.
When you test the site-to-site VPN connection,
the connection attempt fails. You need to enable the
IPSec tunnel mode site-to-site VPN connection between
the main office and the branch office. What should
you do?
A. Install the IPSecPol tool on ISA1.
B. Install the IPSecPol tool on ISA2.
C. Configure a custom IPSec policy on ISA1.
D. Configure a custom IPSec policy on ISA2.
Answer: B
QUESTION 5
You are the network administrator for Abc.com. Abc
has a main office and is adding a branch office. You
are connecting the main office and branch office networks.
You install ISA Server 2004 on a computer at each
office, and you create a site-to-site VPN connection
between the ISA Server computers. You create remote
site networks on the ISA Server computers at both
offices. You choose the L2TP over IPSec VPN protocol.
You want to use a preshared key for the IPSec authentication.
You open the Routing and Remote Access console and
enter the preshared key in the Properties dialog box
for the Routing and Remote Access server. The site-to-site
L2TP over IPsec connection is successful. You then
restart the ISA Server computers and discover that
the site-to-site connection fails. You need to ensure
that the L2TP over IPSec site-to-site VPN connections
continue to function properly after the ISA Server
computers are restarted. What should you do?
A. Re-enter the preshared keys on the ISA Server computers
at both offices. Change the preshared keys so that
they include mixed-case letters, numbers, and symbols.
B. Remove all certificates for the ISA Server computers
at both offices.
C. On the ISA Server computers at both offices, remove
the preshared key from the Routing and Remote Access
console, and enter the key on the Authentication tab
of the Virtual Private Networks (VPN) Properties dialog
box.
D. Install user certificates on the ISA Server computers
in both offices and enable EAP user authentication
for the demand-dial accounts.
Answer: C
QUESTION 6
You are the network administrator for Abc.com. Abc
has a main office and is adding a branch office. The
main office and the new branch each have an ISA Server
2004 computer. You want to connect the main office
and the branch office networks by using a site-to-site
VPN. You create a site-to-site VPN connection that
connects the office networks by using the L2TP over
IPSec VPN protocol. Computer certificates are installed
on the ISA Server computer at each office. When you
create the remote site network on each ISA Server
computer, you configure it to use certificates and
a preshared key. At each office, the preshared key
is configured as the office name on the ISA Server
computer at that office. From the ISA Server computer
at the main office, you repeatedly run the ping command
to a host on the branch office network. The site-to-site
VPN fails. You open the Routing and Remote Access
console and manually dial the demand-dial interface.
You receive the following error message: "The
last connection attempt failed because: The L2TP connection
attempt failed because the security layer encountered
a processing error during initial negotiations with
the remote computer." You need to enable the
site-to-site VPN connection by using the most secure
IPSec authentication method possible. What should
you do?
A. Restart the ISA Server computer at both offices.
B. Re-enter the preshared keys on the ISA Server computer
at both offices. Change the preshared keys so that
they include mixed-case letters, numbers, and symbols.
C. Remove the preshared key from the remote site network
configuration on the ISA Server computer at both offices.
D. Delete the remote site network on the ISA Server
computer at both offices, and re-create the remote
site networks with the original parameters.
Answer: C
QUESTION 7
You are the network administrator for Abc.com. The
network contains an ISA Server 2004 computer named
ISA1. ISA1 functions as a VPN remote access server.
Remote access VPN clients use either PPTP or L2TP
over IPSec to connect to ISA1. All remote access VPN
client computers are configured as both Web Proxy
and Firewall clients of ISA1. You create an access
rule to allow domain users on the VPN Clients network
access to all protocols and Web sites on the Internet.
A user named Bob logs on to his portable computer
by using a local user account and establishes a VPN
connection to ISA1 by using his domain credentials.
You discover that Bob cannot connect to the Internal
network when the VPN connection to ISA1 is active.
You need to ensure that Bob can access the Internet
network while maintaining a VPN connection to ISA1.
What should you do?
A. Disable the Firewall client before establishing
the VPN connection.
B. Disable the Web Proxy configuration before establishing
the VPN connection.
C. Create an access rule to allow connections from
the VPN Clients network to the Internal network.
D. Remove the authentication requirement on the access
rule that allows VPN Clients access to the Internet.
Answer: C
QUESTION 8
You are the network administrator for Abc.com. The
network contains an ISA Server 2004 computer named
ISA1. ISA1 provides Internet access for all users
on Abc's network. All computers on the network are
configured as SecureNAT clients. You create an access
rule on ISA1 that allows all users access to all protocols
on the External network. You view the Firewall log
and the Web Proxy filter log on ISA1 and notice that
the URLs of Web sites visited by Abc users are not
displayed. You need to ensure that the URLs of Web
sites visited by Abc users are displayed in the ISA1
log files. What should you do?
A. Configure all network computers as Web Proxy clients.
B. Configure all network computers as Firewall clients.
C. Configure ISA1 to require authentication for Web
requests.
D. Configure ISA1 to require authentication for all
protocols.
Answer: A
QUESTION 9
You are the network administrator for Abc.com. The
network contains an ISA Server 2004 computer named
ISA1. ISA1 is configured to provide forward Web caching
for users on the Internet network. During periods
of peak usage, users report that it takes longer than
usual for Web pages to appear. You suspect that insufficient
memory is the source of the slow performance of ISA1.
You need to verify whether insufficient memory is
the source of the slow performance. Which two System
Monitor performance counters should you add? (Each
correct answer presents part of the solution. Choose
two)
A. Memory\Pages/sec
B. Process(W3Prefch)\Pool Nonpaged Bytes
C. ISA Server Cache\Memory Usage Ratio Percent (%)
D. Physical Disk\Avg. Disk Queue Length
E. ISA Server Cache\Disk Write Rate (writes/sec)
F. Memory\Pool Nonpaged Bytes
Answer: A, C