2.)You work as a network administrator at test. You recently upgraded your Microsoft Proxy Server 2.0 computer to ISA Server. Before the up grade, users on your internal network were able to access any Web site on the Internet.
Now, users report that they can no longer browse on the Internet.
You must enable users to browse Web sites on the Internet. What should you do?
A. Configure a site and content rule to allow the users to access extemal Web sites.
B. Configure a protocol rule to allow outbound HTTP traffic.
C. Configure the client Web browsers to send CERN-compliant requests to TCP port 1080.
-D. Configure ISA Server to listen for outbound Web requests on TCP port 80.
3.)You administer your company network, which consists of a single Microsoft Windows 2000 domain. You are planning the deployment of an ISA Server array that will provide internal users with HTTP access. You install ISA Server and create appropriate site and content rules and protocol rules to ensure compliance with company policies regarding Internet access.
The client computers on your network consist of Windows 98 computers, Windows NT workstation computers, Windows 2000 Professional computers, and UNIX workstations. You want to provide Internet access for all client computers while preventing non-company users from accessing the Internet through the ISA Server computer. You also want to reduce the amount of administrative effort required to configure and maintain the client computers.
Which two actions should you take to achieve these goals? Each correct answer presents part of the solution. (Choose two)
-A. Configure all client computers as web proxy clients.
B. Configure all client computers as SecureNAT clients.
C. Configure all client computers as Firewall clients.
-D. Configure basic authentication for outgoing web requests.
E. Configure digest authentication for outgoing web requests.
F. Configure integrated authentication for outgoing web requests.
4.)You are the network administrator for your company. You up grade your Microsoft proxy server 2.0 computer to ISA server. Before the up grade, you successfully published your Microsoft exchange server 5.5 computer, which resides on your internal network. After the upgrade, you con figure an SMTP publishing rule. Now external users cannot send e-mail to recipients on your exchange server.
External users must be able to send e-mail to your Exchange server. What should you do?
A. On the ISA server computer, install the SMTP component and configure a server publishing rule to redirect SMTP traffic to the lP address of the exchange server.
-B. On the exchange server, delete or rename the wscfg.ini file and configure the exchange server as a SecureNAT client.
C. Modify the service start-up order on the exchange server to ensure that the firewall client software starts up after the Internet mail connector service.
D. Configure a mail-publishing rule on the ISA server computer to redirect traffic to the lP address of the host listed in the MX record of the DNS server.
5.)You are the network administrator for your company, which includes a main office and two branch offices. Your network includes an ISA server computer named Porti SA, an intranet server named PortWeb, and a DNS server named PortDNS. PortISA is configured to publish automatic configuration information. You use only the DNS service on PortDNS for host name resolution. There are no DNS records for Porti SA.
You need to reco n figure PortISA so that all users can browse web sites on the Internet and upIo ad files to FTP servers on the Internet. You also need to enable administrators in each of the branch offices to install the Firewall client software from http://PortWeb/CLNTINST/.
Which three actions should you take? Each correct answer presents part of the solution. (Choose three)
-A. On PortWeb, create a virtual directory named CLNINST. Set the home directory to \ \PortISA \mspcint\webinst\.
B. On PortISA, create a file share named CLNTINST on c:\program files\Microsoft ISA Server\clients \ web inst.
-C. On PortDNS, create an A record for PortISA. Create a CNAME record named wpad that points to the A record.
D. On PortDNS, create an A record for PortWeb. Create a CNAME record named wpad hat points to the A record.
E. On PortISA, create a protocol rule that allows Everyone to use the FTP server protocol, the HTTP server protocol, and the HTTPS server protocol.
-F. On PortISA, create a protocol rule that allows Everyone to use the FTP client protocol, the HTTP client protocol, and the HTTPS client protocol.
6.)Users in your company frequently use NetMeeting to conduct meetings with users at other companies. The users in your company report that they can place NetMeeting calls to their counterparts at other companies, but the reverse is not true. Users at the other companies cannot use their H.323 gateway to locate NetMeeting users in your company. Administrators in the other companies want to set up an H.323 e-mail address rule to contact employees in your company.
You need to con figure your network to meet these needs. What should you do?
A. Configure your extemal DNS server to allow dynamic updates. Configure the extemal network adapter of your H.323 gateway to use the extemal DNS server for name resolution.
B. Configure your internal DNS server to allow dynamic updates. Configure the internal network adapter of your H.323 gateway to use the internal DNS server for name resolution.
C. On your DNS server, manually add a DNS service location record for the Q931 service on TCP port 1720.
D. In the properties of the H.323 application filter, select Use DNS Gatekeeper lookup and LRQs for alias resolution.
7.)You are the administrator of your company network. you install ISA server with default settings on a server with two modems. You configure this server to allow Internet access for your client computers. You also configure dial-up entries on this server, as shown here.
Available Dial-Up Entries
You install routing and remote access on the ISA server computer. Users on the network now report that they cannot connect to external web sites.
You need to recon figure your server to accomplish this goal; Whenever it receives a client request, this computer must automatically connect to the ISP by using the primary dial-up connection.
Which two actions should you take? Each correct answer is part of the solution. (Choose two)
A. Install and configure network address translation on your ISA server computer.
-B. Edit the default routing rule to use the ISP dial-up connection.
C. Create a network dial-up connection that includes the user account credentials for the ISP.
D. Add a new routing rule. Specify an upstream proxy server address on the Internet.
-E. Set the primary dial-up connection as the active dial-up connection
8.)You are planning to con figure the ISA client computers in your company network. The relevant portion of your network is configured. Client computers on Subnet A consist of Microsoft Windows 98 and Windows 2000 Professional computers and UNIX workstations. All Windows-based client computers are members of a Windows 2000 domain. All computers in the network have static ally assigned lP addresses. The internal DNS server is configured as a root name server. It hosts only the zone for the company domain.
You need to configure the ISA client computers and the network components to enable all ISA client computers to access the internal and external web servers. To minimize administrative complexity and accommodate all client computer platforms, you plan to con figure all client computers as SecureNAT clients.
Which three actions should you take? Each correct answer presents part of the solution. (Choose three)
A. Set the default gateway parameter on all client computers to the address of the ISA Server computer.
-B. Set the default gateway parameter on all client computers to the address of the local subnet routers.
-C. Remove the root zone from the internal DNS server.
D. Configure the client computers to query only DNS servers on the Internet.
E. Create packet filters on the ISA Server computer to allow Web protocols and incoming DNS requests.
-F. Create a protocol rule on the ISA server computer to allow web protocols and DNS requests.
9.)You are the administrator of your company's network, which includes an array of three ISA server computers configured as shown in this table.
Host Internal External
Name lP Address lP Address
ISA-server! 10.10.100.100124 131.107.200.1/24
ISA-server2 10.10.100.101/24 131.107.200.2124
ISA-server3 10.10.100.102124 131.107.200.3124
The properties of the ISA-server1 are configured as shown in the exhibit. The exhibit show following.
ISA-SERVERl Properties
Two network adapters are installed and configured on each array member. All three array members are configured with a Network Load Balancing (NLB) cluster whose lP address is 131. 107.200. 10124
Users report that Internet access is very slow. You need to configure the array members to use caching.
What should you do?
A. Change the intra-array lP address to the lP address of the NLB cluster.
-B. Change the intra-array lP address to the lP address of the internal network adapter.
C. Change the intra-array lP address to the lP address of the extemal network adapter.
D. Change the local factor on all array members to equal numeric values.
E. Change the load factor on all array members to different numeric values.
10.)You are deploying ISA server in your company network. You install ISA Server in firewall mode. You do not enable packet filtering. You then conduct a pilot deployment of ISA Server clients, and you con figure several test computers on your network as SecureNAT clients. You create a single protocol rule to give all clients un restricted access to all protocols. Your pilot users report that none of the test computers can access the Internet through the ISA Server computer. On investigation, you discover that no client requests are being received or processed by this server.
How should you correct this problem?
-A. Configure the routers with a default route to the internal lP address of the ISA Server computers.
B. Configure the routers with a default route to the lP address of the router of your ISP.
C. Enable packet filtering and create packet filters on the ISA Server computer to allow all packets to cross the firewall.
D. Enable packet filtering and delete all built-in packet filters.
11.)You are hired to administer a Microsoft Windows 2000 network for test Ltd .. This network already configured before you began your job. The current configuration includes as ISA server computer named ISA1 and a Windows 2000 Server computer named RRASl. Both ISA1 and RRAS1 provide VPN access to internal resources. ISA1 also provides firewall and caching services, and it is the web server for your company's Internet site.
You now need to con figure WWW2, which is your internal web server. WWW2 should be available to all employees, even if they are working from home. It requires a high level of security.
Your solution must provide public access to ISA1 and employee-only access to WWW2. It must also ensure the highest possible level of security.
What should you do?
-A. Change the TCP port used by the web server component on ISA1. Create a web publishing rule to use the new port. Decommission RRAS 1. Configure ISA1 to act as a VPN server and to allow remote users to connect by using PPTP.
B. Ensure that the web server component on ISA1 uses the default TCP port. Create a web publishing rule to use the default TCP port. Configure RRAS 1 to act as a VPN server and to allow remote users to connect by using PPTP.
C. Change the TCP port used by the web server component on ISA1. Create a web publishing rule to use the new port. Install a digital certificate on WWW2 to encrypt HTTP session traffic. Configure ISA1 to redirect HTTPS requests to WWW2.
D. Ensure that the web server component on ISA1 uses the default TCP port. Create a web publishing rule to use the default TCP port. Configure WWW2 to use integrated windows authentication. Configure ISA1 to redirect HTTP requests to WWW2.
12.)You are the enterprise administrator for Trey Research. Your company network includes one Microsoft Windows 2000 domain and four sites. Each site has 500 client computers. The relevant portion of your network configuration is shown in the exhibit.
The Amsterdam site contains an array of three ISA Server computers. This array provides Internet access to client computers in all four sites.
Trey Research wants to reduce the bandwidth used on internal connections for Internet access. Amsterdam will remain the only site with a direct connection to the Internet.
Which two actions should you take? Each correct answer presents part of the solution. (Choose two)
A. Install additional ISA Server computer in Berlin, Rome, and Paris. Join these servers to Corp ISA Array.
-B. Install additional ISA Server computer in Berlin, Rome, and Paris. Create a separate array in each of these sites.
-C. Create a routing rule in Berlin, Rome, and Paris to route client requests to Corp ISA array.
D. Install the firewall client software on the ISA server computers in Berlin, Rome, and Paris. Specify Corp ISA array as the destination.
E. Create a web publishing rule in Berlin, Rome, and Paris. Redirect all client requests to Corp ISA Array.
F. Configure the ISA server computers in Berlin, Rome, and Paris to use one of the lP addresses of Corp ISA Array for intra-array communication.
13.)You administer one ISA server computer that is connected to the Internet. Your internal network consists of a Microsoft Windows 2000 forest with three domains. All client computers run Windows 2000 Professional, and all are configured with the Microsoft Internet explorer proxy settings shown in the exhibit.
You verify that users can successfully connect to Internet sites through the ISA server computer. However, you notice that network traffic for local web servers is frequently routed to this server.
You need to ensure that network traffic for the local web servers in your three domains is not routed to the ISA server computer. What should you do?
A. Create a web publishing rule that applies to all destinations in the three domains.
B. Edit the msplat.txt file to include the lP addresses used by all computers in the three domains.
C. Configure the local domain table with a list of the three domain names.
D. Configure the Internet explorer content Advisor with a list of approved sites. Include the three domains.
-E. Configure Internet explorer with a list of exceptions that should not use the proxy server. Include the three domain names.
|