|
Home > Archive > 70-216 > July 2003 > Enforcers 216 QOD (8/7)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Enforcers 216 QOD (8/7)
|
|
| enforcer 2003-07-08, 6:00 am |
| Jonoplunk is tha administrator for a Windows 2000 network. The network contains four Windows 2000 server computers that use IPSec to secure the network communication.
While using IPSec Monitor, Jonoplunk determines that hard security associations (SAs) aren't being established between computers. after running IPSec monitor on one of the computers, Jonoplunk finds that a soft SA exists between two of the computers. He also finds that the security setting for the SA is set to None.
Which steps should Jonoplunk take to prevent this soft SA from remaining between the computers? (Choose all that apply.)
A. Start traffic
B. Stop all traffic
C. Restart the policy agent
D. Refresh the IPSec monitor
E. Reboot the server computers
F. Verify the SA isn't displaying in IPSec Monitor
G. Change the security setting for the SA to Enabled.
H. Apply the latest service Pack
Answer tomorrow | |
|
| Oooo, very nice question. 
I'll go with ABCF. But the order would be:
B - Stop traffic
F - Verify the SA is gone in the IPSec monitor.
A - Start traffic
C - Restart the policy agent.
Unless I'm missing something, that should do it. | |
| enforcer 2003-07-09, 4:59 am |
| nearly 70 views and only one person brave enough, will let this run another day, give people some time to do some research and come back with an answer.
Go google baby. yeah!  | |
| serpico 2003-07-09, 6:02 am |
| quote:
give people some time to do some research and come back with an answer
I read this thread 2-3 times today and didn't dare guess, but since this has gone to being an open-book question...
b,f,a,c
from: Windows2000Server help, search for "hard sa", it gives a two paragraph explanation. | |
| adam salam 2003-07-09, 11:33 am |
| Good Q that made me search , difficult one 
B, F, A, C
B. Stop all traffic
F. Verify the SA isn't displaying in IPSec Monitor
A. Start traffic
C. Restart the policy agent
---
I found that in w2k help files:
Soft SAs are preventing hard SAs
If IPSec Monitor reveals that secured (or hard) security associations (SAs) are not being established, it may be due to soft SAs between the peers. This could prevent hard SAs from being established. To determine if this is the cause, run IPSec Monitor on one of the peers. If an SA exists between the two computers, and the security setting is "None", this indicates a soft SA. This soft SA will remain on that computer as long as traffic is being regularly sent between the two computers. For more information, Using IPSec Monitor
To prevent this, stop all traffic until the SA times out (usually 5 minutes), verify the SA is gone in IPSec Monitor, then start traffic again. A hard SA should automatically be established if policies are compatible. Then, restart the policy agent to delete all soft SAs you must restart the policy agent.
| |
| Jonoplunk 2003-07-10, 2:30 pm |
| Well that one got me, I haven't gone through that section yet, but feel that it still would have thrown me.
In looking for the answer I used the Windows help in Server 2000, got a good clear explanation.
Agree with B,F,A,C
Great question! | |
| enforcer 2003-07-11, 9:15 am |
| quote:
Originally posted by enforcer
Jonoplunk is tha administrator for a Windows 2000 network. The network contains four Windows 2000 server computers that use IPSec to secure the network communication.
While using IPSec Monitor, Jonoplunk determines that hard security associations (SAs) aren't being established between computers. after running IPSec monitor on one of the computers, Jonoplunk finds that a soft SA exists between two of the computers. He also finds that the security setting for the SA is set to None.
Which steps should Jonoplunk take to prevent this soft SA from remaining between the computers? (Choose all that apply.)
A. Start traffic
B. Stop all traffic
C. Restart the policy agent
D. Refresh the IPSec monitor
E. Reboot the server computers
F. Verify the SA isn't displaying in IPSec Monitor
G. Change the security setting for the SA to Enabled.
H. Apply the latest service Pack
Answer tomorrow
and the answer is ABC & F
the correct procedure is Stop the traffic (B), use the IPSec Monitor to verify that the SA no longer exists(F) start the traffic(A) and then restart the policy agent(C)
There is no need to reboot the server,. refreshing the IPSec reset th SA currently in use and Changing the security seettings to enabled isnot required.
Well done for researching this one. |
|
|
|
|