- Home
- Server Administration
- Windows
- Administering Windows server 2012 (70-411)
36.
You have implemented VPNs to connect the various locations of your organization.
These locations include offices in New York, Sacramento, Memphis, and Omaha, with a
significant LAN in each one. The RRAS server is set up such that the users aren’t aware of
the intricacies of the connections. You are beginning to have problems with the connections
between the offices and, as a result, the number of support calls is growing dramatically.
What configurations could you use to troubleshoot the communication problems?
- A.L2TP using MPPE
- B.L2TP unencrypted
- C.L2TP using IPsec in transport mode
- D.L2TP using IPsec in tunnel mode
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| L2TP and IPsec each has its own negotiation procedure for making a connection. If you remove the IPsec portion of the connection and the problem is alleviated, it is likely that IPsec is the problem, and you can then focus on IPsec. If the problem remains, you can work on the L2TP portion of the connection. IPsec has two modes: tunnel mode and transport mode. But because L2TP is a tunneling protocol, there is no sense in using IPsec tunneling. IPsec transport mode is used with L2TP and should be set aside for troubleshooting, as discussed. The L2TP implementation in Windows Server 2012 R2 doesn’t support MPPE. |
37.
Your company’s 450 sales reps are finally going to receive laptops so that they can
communicate with the corporate office whenever they need information stored on the
corporate network. The corporate network is fully upgraded to Windows Server 2012 R2,
including the default configuration of the RRAS server for the remote connectivity over
VPNs. You have installed Windows 8 with the default configuration on all of the laptops
and have added the sales reps to a special group in Active Directory. After you test the
laptops, everything appears to work fine. You ship them out and, as they reach the sales
reps, you monitor their initial connections. During the next few days, you begin receiving
support calls from people complaining they cannot connect to the network. What is the
most likely cause of the problem?
- A.The Windows 8 clients are not configured to support a VPN.
- B.The default RRAS configuration does not support VPNs..
- C.The default RRAS configuration does not support enough VPN connections.
- D.The default RRAS configuration does not support L2TP.
- E.The Windows 8 client default configuration does not support L2TP.
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The default configuration for RRAS supports 5 PPTP ports and 5 L2TP ports. There are up to 150 sales reps trying to connect to the server, but only the first 10 will be able to connect. You can increase the number of ports available, up to 1,000, by using the Ports Properties dialog box. The Windows 8 clients are, by default, ready to support VPNs; they will first try L2TP and then switch over to PPTP if ports are unavailable. |
38.
You are the network administrator for a company with two offices; one is located on
the East Coast and the other is located on the West Coast. Sales information needs to be
sent from the East Coast to the West Coast office on a regular basis, and some payroll
information and accounting reports need to be sent back to the East Coast. The owner of
your company has been reading stories in the press about security problems on the Internet
and refuses to allow any company information to travel through the Internet, regardless
of how much you talk about securing those transmissions. The communications between
the sites occur approximately once a week. What steps would you take to ensure secure
authentication and secure transmission while not spending too much money? (Choose all
that apply.)
- A.Configure PAP as the authentication method between the servers.
- B.Install RRAS on a server at each location and keep the line open with an ISDN connection that will always be available for the communication.
- C.Install RRAS on a server at each location and configure demand-dial to open the connection each time the transmission occurs.
- D.Configure CHAP as the authentication method between the servers.
- E.Configure MS-CHAPv2 as the authentication method between the servers.
- F.Configure IPsec as the encryption method between the servers.
- G.Configure MPPE as the encryption method between the servers.
- H.Configure L2TP as the encryption method between the servers.
- Answer & Explanation
- Report
Answer : [C, E, G]
Explanation :
Explanation :
| Because the communication is not a continuous or frequent occurrence, it doesn’t make sense to have the line always available, so RRAS with demand-dial will be less expensive than ISDN, which is always up. MS-CHAPv2 provides encryption and a mutual authentication process. The MPPE provides the encryption of the actual data that travels across the connection. PAP is a cleartext authentication method, and CHAP provides only one-way authentication. L2TP doesn’t provide any encryption by itself. |
39.
You are using an RRAS server to manage remote access to your small Windows Server
2012 R2 network that serves a single location. RRAS provides access to several remote
users and to the people who have machines on the local network but occasionally want to
access the network from home or from hotels when on the road. Regardless of the category
of user, everyone is authenticated through Active Directory. You haven’t spent much time
reviewing the use of this remote connectivity since you configured the system, but now
there is a concern about unauthorized users as well as intermittent problems that remote
users are experiencing when connecting to the network. You’ve been asked to prepare
a report for management describing the extent of these problems in the company. You
recall that when you set up the system, you configured the logging to track all connection
attempts using local Windows accounting. Where will you find the logging information
that you need for preparing your report?
- A.The Performance Monitor log
- B.Active Directory
- C.The systemroot\System32\LogFiles folder
- D.The system event log
- E.The RRAS authentication log
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| When you use Windows accounting, the local Windows account logs are found in the systemroot\System32\LogFiles folder. These logs can be stored in one of two formats for later analysis—Open Database Connectivity (ODBC) or Internet Authentication Service. The Performance Monitor utility that came with Windows NT has been replaced with the system event log. This keeps track of global service errors such as initialization failures and service starts and stops. There is no RRAS authentication log. You do have RADIUS logging available; when it’s used, the log files are stored on the RADIUS servers. This is useful when you have multiple RRAS servers because you can centralize RRAS authentication requests. Active Directory is not used to log events from the various services in Windows Server 2012 R2. |
40.
Your area of responsibility at the All-Terrain Vehicle Rentals Company is to build, deploy,
and maintain the remote access system for the Windows Server 2012 R2 network. The
system consists of four RRAS servers that serve 200 users across the country. The users
often travel from location to location, and they access different servers depending on where
they call in. You put together a management station to monitor all of the RRAS servers so
that you can keep an eye on this critical aspect of your network. What tool do you use to
accomplish this?
- A.The Server Monitor of the RRAS snap-in
- B.The Server Status node of the RRAS snap-in
- C.The System Monitor snap-in
- D.The MMC
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| The Server Status node in the RRAS snap-in shows you a summary of all the RRAS servers known to the system. Each server entry displays whether the server is up, what kind of server it is, how many ports it has, how many ports are currently in use, and how long the server has been up. |
|
|
||||||||||||||||||||||||||||
