| Author |
Spid's Tue (11/26) Win2k Pro. QoD
|
|
|
| You are the administrator of your companies network. You have a Windows 2000 server called VPN1 that runs Routing and Remote Access, and all client computers are Windows 2000 Professional systems.
Salesmen that travel to customer sites use their company issued Windows 2000 portable computers to dial in to VPN1 for network access. The portable computers are configured for smart-card support with company-issued certificates.
You need to configure VPN1 so that the vpn connections are secure as possible.
Which two actions should you perform?
A. Require L2TP/IPSec tunnel connections for all dial-up users.
B. Require PPTP tunnel connections for all dial-up users.
C. Require MS-CHAP v2 authentication for all dial-up users.
D. Require EAP smart cards or certificates for authentication for all dial-up users.
Good luck and see you tomorrow for the answer!! | |
| Slinky 2002-11-26, 8:30 am |
| Definately A & D. | |
| Surender 2002-11-26, 10:14 am |
| A,D. | |
| soccer4net 2002-11-26, 10:32 am |
| a,d | |
| NetChild1985 2002-11-26, 11:08 am |
| I agree with A & D. | |
|
|
| Forsaken 2002-11-26, 1:29 pm |
| I know one of the answers is 'D' would never have guessed A tho..but soon I would be more confident after studying more grrrr hehe | |
| adam salam 2002-11-26, 2:33 pm |
| first I choosed only "D" and after revision I choosed "A" & "D"
 | |
| namrak 2002-11-26, 6:22 pm |
| Have to go with answers (A) and (D) as well. | |
| Deja-vue 2002-11-27, 1:04 am |
| A & D it is.
This Question hunts you again in 218.
| |
| robertmillar 2002-11-27, 6:12 am |
| A & D | |
|
| quote:
Originally posted by Spid
You are the administrator of your companies network. You have a Windows 2000 server called VPN1 that runs Routing and Remote Access, and all client computers are Windows 2000 Professional systems.
Salesmen that travel to customer sites use their company issued Windows 2000 portable computers to dial in to VPN1 for network access. The portable computers are configured for smart-card support with company-issued certificates.
You need to configure VPN1 so that the vpn connections are secure as possible.
Which two actions should you perform?
A. Require L2TP/IPSec tunnel connections for all dial-up users.
B. Require PPTP tunnel connections for all dial-up users.
C. Require MS-CHAP v2 authentication for all dial-up users.
D. Require EAP smart cards or certificates for authentication for all dial-up users.
Good luck and see you tomorrow for the answer!!
And the answers are... A and D
Nice job everyone. You'll see this stuff on the 70-216 exam as well.
Seeing that we have Windows 2000 clients with smart-cards and company issued certificates we can use L2TP/IPSec connections and EAP-TLS authentication.
EAP-TLS is only supported by VPN clients running Windows XP or 2000.
L2TP can only be used with Windows XP or 2000 clients and supports computer certificates as the authentication method for IPSec.
For L2TP/IPSec connections, any authentication protocol can be used because the authentication occurs after the VPN client and server have established a secure communication channel. However, the use of either MS-CHAP v2 or EAP-TLS is recommended to provide strong user authentication.
EAP-TLS is designed to be used in conjunction with a certificate infrastructure and either user certificates or smart cards. With EAP-TLS, the VPN client sends its user certificate for authentication and the VPN server sends a computer certificate for authentication. This is the strongest authentication method because it does not rely on passwords. |
|
|
|