| Author |
Spid's Fri (11/15) Win2k Pro. QoD
|
|
|
| Happy Friday Everyone!!!!
Let's see how we all do with this one 
Enforcer is a systems administrator for a mid-sized company. All client computers are Windows 2000 Professional and all client computers use DHCP for their TCP/IP configuration.
The network administrators install a new T1 line and router for Internet access. This router must only be used by the Administrative staff.
Enforcer needs to configure the administrative staff's computers to use this new router. He must also ensure that non-administrative staff users can't gain access to the Internet through this router. Finally, he only wants to configure each "targeted" client computer only once.
Note - You do not have the situation where a non-administrative staff user will go over and use an administrative staff's computer system.
What does Enforcer need to do? (Select the best choice)
A. At each administrative client computer, use
the route add -f command to enter the new route information.
B. At each administrative client computer, use
the route add -p command to enter the new route information.
C. At each administrative client computer, use
the route add command to enter the new route information.
D. Enable the 031 Perform Router Discovery option in the scope options for DHCP.
E. None of the above.
Good luck and see you Monday for the answer!! | |
| Slinky 2002-11-15, 8:48 am |
| This sounds like an ideal question for 70-216.
The answer is B. | |
| hairy51 2002-11-15, 9:20 am |
| I would say B aswell, The /p switch makes the route persistent (It doesn't get rid of it when you log off)
Am i on the right track?!!! | |
| rafman 2002-11-15, 10:52 am |
| I'm going with B. At each administrative client computer, use the route add -p command to enter the new route information.
Making the route persistent.
~RafMan | |
| NetChild1985 2002-11-15, 12:06 pm |
| B | |
| Deja-vue 2002-11-15, 12:47 pm |
| B would do the trick.
I had a similar question in the 216 Test.
 | |
| namrak 2002-11-15, 7:24 pm |
| Chipping in with answer (B). | |
|
| quote:
Originally posted by Spid
Happy Friday Everyone!!!!
Let's see how we all do with this one
Enforcer is a systems administrator for a mid-sized company. All client computers are Windows 2000 Professional and all client computers use DHCP for their TCP/IP configuration.
The network administrators install a new T1 line and router for Internet access. This router must only be used by the Administrative staff.
Enforcer needs to configure the administrative staff's computers to use this new router. He must also ensure that non-administrative staff users can't gain access to the Internet through this router. Finally, he only wants to configure each "targeted" client computer only once.
Note - You do not have the situation where a non-administrative staff user will go over and use an administrative staff's computer system.
What does Enforcer need to do? (Select the best choice)
A. At each administrative client computer, use
the route add -f command to enter the new route information.
B. At each administrative client computer, use
the route add -p command to enter the new route information.
C. At each administrative client computer, use
the route add command to enter the new route information.
D. Enable the 031 Perform Router Discovery option in the scope options for DHCP.
E. None of the above.
Good luck and see you Monday for the answer!!
And the answer is......B
By default, routes are not retained when the computer is restarted. By using the -p parameter with the Route Add command on the Administrative computer systems will create a persistent route on that computer (It will still be there after the system is restarted). This will enable the client Administrative computers to gain access to the Internet through the router and it only needs to be done once.
Note - The -f switch clears all routes.
The router discovery option of DHCP could be used as well, But it would configure ALL computers with the router address. Therefore, Administrative and Non-Administrative computers would gain accesss to the Internet, and we don't want that. | |
| enforcer 2002-11-18, 7:57 am |
| Jeez a question about me and I missed it. 
Anyway thanks for your help guys, now to go around all those admmin staffs pc's.
That's 30 mins work, I'll be back in 10 | |
| OmnipotentOne 2002-11-20, 6:33 am |
| I'd have to go with E, none of the above due to the wording of the question
quote:
He must also ensure that non-administrative staff users can't gain access to the Internet through this router
adding static route would allow the administors to use the route but wouldn't restrict it's use from non-administors. | |
|
| quote:
Originally posted by OmnipotentOne
I'd have to go with E, none of the above due to the wording of the question
adding static route would allow the administors to use the route but wouldn't restrict it's use from non-administors.
Could you clarify this. I'm not sure I follow how a non-administrator would be able to use this router.
The question states that the new router is attached to the Internet. It also states that we would not have a case where a non-administrative person would log onto an Administrative person's system.
The only systems that would have Internet access would be the Administrative systems that had the route add -p command run on them with the address of the new router. | |
| OmnipotentOne 2002-11-20, 9:21 pm |
| your origional question said that you'd have to insure that non-admins don't access the router. This solution provides admins access to the router, but does nothing to prevent a user from putting in the static information themselves. | |
|
| You're assuming that non-administrative users know what the ip address to the new router is and they are savy enough to even know how to enter the information in themselves.
No offense, but I think you're taking the "ensure" statement a little too far.
The next thing you'll be stating is that I didn't say that the administrative computer systems were in a locked room so non-administrative people could still sneak into the room without anyone seeing them and use an administrative system.
I guess we'll have to just agree to disagree on this. | |
| OmnipotentOne 2002-11-21, 12:13 am |
| Obviously your average user isn't going to be able to configure it, but there are users who could and would, and the majority of security compromises come from within. Now if you want to have administrators use the router but it isn't a huge risk to have non-admins use the router, by all means use the option, but in the question it stated that you wished to ensure that non-admins couldn't gain access via the router. Simply not programing the route into their pc definantly isn't assurance against this and it wouldn't take a whole lot of effort for someone to find the ip address of the router. | |
|
| You base your debate on a hypothetical "real-world" situation that could happen or could not. You don't know how hardened they have their network infrastructure, the security policies that are in place, etc.... I can just tell you that in my netwrok environment, users are unable to accomplish this do to the security policies we have in place on the workstations and the fact that they are not privy to this type of information.
I'm not stating that don't have a valid point, because you do. All I'm trying to do is point out that within the context of the question and information initially given, you can't make those assumptions that you are using to defend your choice of "E".
Maybe I should have stated "ensuring to the best of your ability" or something to that effect. Again, I appreciate you feedback and your point is valid, I just don't feel it's valid with respect to this question.
However, I will take this discussion as an opportunity for improvement and going forward, I will attempt to mimimize the vagueness on my part.
Thanks. |
|
|
|