41.)You are the administrator of a new ISA server computer that contains two network adapters. One network adapter is connected to the Internet, and the other is connected to your internal network. All users on the internal network use Microsoft Windows 2000 Professional or Windows NT workstation 4.0. All client computers are SecureNAT clients of the ISA server computer.
Your company wants to deploy a network application named Netapp, which uses TCP port 2731. Only users in the security group named Netapp. Users are allowed to use the Netapp protocol through the firewall.
You create a new protocol rule that allows the use of the Netapp protocol for members of Netapp Users. You verify that the protocol does not embed any lP addressed in the Netapp data.
Members of Netapp users now report that they cannot use Netapp through the firewall. How should you correct this problem?
A. Configure the ISA server computer to ask unauthenticated users for identification for outgoing web requests.
B. Create a site and content rule that allows access to the destinations used by Netapp.
C. Ensure that the network configuration of the ISA server computer allows requests from the SecureNAT client to connect to the Internet.
-D. Install the firewall client software on all client computers.
42.)You are the administrator of your company network. You install and con figure ISA server on a computer named ISA-server1. An employee named Michael, who works offsite, frequently need to transfer highly confidential files to the company network. His computer runs Microsoft Windows 2000 Professional.
You need to provide Michael with VPN access to your network. What should you do?
A. Enable a PPTP tunnel to pass through ISA-server!. Configure static packet filters for PPTP call and PPTP receive.
B. Enable lP routing. Configure static packet filters for L2TP.
C. On ISA-server!, run the Remote ISA VPN Wizard. Create a VPN connection on Michael's computer.
-D. On ISA-server!, run the ISA VPN server wizard. Create a VPN connection on Michael's computer.
43.)You are the network administrator for your company. You purchase a new computer, which you plan to use as the ISA server computer on your network. You want this computer to provide SMTP content filtering for your existing e-mail server. In addition, you want this computer to replace your current Web server. You install Microsoft Windows 2000 Server with default settings on the new computer.
Now you need to prepare this computer to fulfill your requirements. Which two actions should you take? Each correct answer presents part of the solution. (Choose two)
A. Uninstall the SMTP component of the new computer.
B. Uninstall the NNTP component of the new computer.
-C. Configure the TCP port used by the web server component of the new computer to use a port that is not currently used.
D. Configure a new SMTP remote domain to handlemail delivery for the DNS domain of your company.
-E. Assign the lP address of the new computer's default web site to the internal lP address of the new computer.
F. Assign the lP address of the SMTP server to the internal lP address of the new computer.
44.)You are preparing an existing Microsoft Windows 2000 Server computer to use as an ISA server computer. This computer will protect your internal network. It currently provides a dial-on-demand VPN connection to a remote office. It also provides network address translation. This computer will continue to provide all its current functionality after it is configured as an ISA server computer.
You want to pre-con figure and install ISA server with the least possible administrative effort. Which two actions should you take? Each correct answer presents part of the solution. (Choose two)
A. In the routing and remote access console, delete the extemal interface used for the network address
translation protocol.
-B. In the routing and remote access console, delete the network address translation protocol object.
C. In the routing and remote access console, enable packet filtering.
-D. In the ISA server console, manually create packet filters for the VPN.
E. In the ISA server console, enable lP routing.
45.)You are the network administrator of a branch office for your company. The branch office and the main office are connected by dedicated fractional Tl line. The main office includes an array of ISA server computers. You use group policies and DHCP to administer the configuration of all client computers, which run Microsoft Windows 2000 Professional.
You need to install ISA server at the branch office to improve the performance of FTP and HTTP requests from your client computers. Your configuration must take advantage of the cache on the ISA server array in the main office.
What should you do?
A. Install ISA server in integrated mode. Use DH CP to configure the client computers at the branch office with the internal lP address of your ISA server computer as the default gateway.
B. Install ISA server in cache mode. Use DH CP to configure the client computers at the branch office with the internal lP address of your ISA server computer as the default gateway.
C. Install ISA server in integrated mode. Use DHCP to provide the location of the WPAD.DATABASE file to the client computers at the branch office.
-D. Install ISA server in cache mode. Use DHCP to provide the location of the WPAD.DATABASE file to the client computers at the branch office.
46.)You are the administrator of your company's Microsoft Windows 2000 network. For outbound Internet access, your company uses a Microsoft proxy server 2.0 array that consists of three servers running Windows NT server 4.0 You need to up grade your proxy server array to an ISA server enterprise array in your Windows 2000 domain. You must perform the up grade with the least possible administrative effort. You must also ensure that you can restore the current proxy server configuration, if necessary.
What should you do?
A. On each server in the array, use the proxy server console to back up the proxy server configuration to a text file. Uninstall proxy server. Up grade the three servers to Windows 2000 and install ISA sever on each one.
-B. On each server in the array, use the proxy server console to back up the proxy server configuration to a text file. Remove each server array. Upgrade the three servers to Windows 2000 and install ISA sever on each one.
C. On each server in the array, back up the Mailbox Store Policy directory. Remove each server from the proxy server array. Install the proxy server upgrade wizard and ISA server on each server.
D. On each server in the array, back up the Mailbox Store Policy directory. Remove each server from the proxy server array. Upgrade the three servers to Windows 2000 and install ISA server on each one.
47.)You are the network administrator for your company. You are using ISA Server to secure Internet access for your users. They must be able to access any external web site, but they must not be able to use other Internet applications. You create appropriate client address sets and destination sets to allow all Internet client computers to access any external web site. You also create a site and content rule to allow all these computers to access all destinations during work hours only.
Users now report that they receive a 502 Proxy Error message when they try to access external web sites, and they are denied access.
You need to enable users to access external web site. What should you do?
A. Create a new destination set to include the addresses of all allowed web sites.
B. Create a new protocol definition to include HTTP and HTTPS access.
C. Create anew site and content rule to allow all requests for Web-based content.
-D. Create a new protocol rule to allow HTTP and HTTPS traffic.
48.)Your company network includes a communication server named Commnet and an array of two ISA server computers. You are the administrator of the array, which is connected to the Internet. The Commnet protocol uses TCP port 2150.
Some of your users access the Internet through a local ISP named LA-ISP, which dynamically assigns lP addresses to client computers that dial in to the provider.
You want to con figure the ISA server array so that only LA-ISP users can access Commnet from the Internet. Which three actions should you take? Each correct answer presents part of the solution. (Choose three)
-A. Create a new protocol definition named Commnet Protocol for TCP port 2150. Configure Commnet protocol to use an inbound direction.
B. Create a new protocol definition named Commnet Protocol for TCP port 2150. Configure Commnet
protocol to use an outbound direction and a secondary inbound connection.
C. Configure the ISA server to listen for incoming web requests on TCP port 2150.
D. Create a new destination set named ISP set, which includes all lP addresses used by LA-ISP.
-E. Create a new client address set named ISP set, which includes all lP addresses used by LA-ISP.
F. Create a web-publishing rule for Commnet that applies to ISP Set and Commnet Protocol.
-G. Create a server-publishing rule for Commnet that applies to ISP set and Commnet Protocol.
H. Create a protocol rule that allows port 2150 network traffic for all users.
49.)You are the administrator of your company network, which consists of a main office and two branch offices. The network includes three Microsoft 2000 domain s, each in a separate forest. Company policy states that no trust relationships can exist between the domains.
The main office has a Tl connection to the Internet. The bran ch offices connect to the main office with dedicated 256-Kbps lines. The bran ch offices have no direct connection to the Internet.
You deploy ISA server arrays in integrated mode at each location. You want all Internet requests from the bran ch offices to be routed through the ISA server array in the main office. You also want to restrict access by users and groups.
Users in the bran ch office now report that they cannot connect to Internet resources. Users in the main office, however, are not experiencing any problems. You discover that users in the bran ch offices are being denied access when they try to connect to Internet resources.
How should you correct this problem?
A. Enable pass-through authentication to allow users from the branch office to access the ISA server array in the main office.
B. Create two-way trust relationships between the branch offices and the main office.
C. On the ISA server array in the main office, enable integrated Windows authentication for all incoming web requests.
-D. Configure the ISA server arrays in the branch offices with a user name and password to provide authentication to the ISA server array in the main office.
50.)You are the administrator of your company network, which consist of a single Microsoft Windows 2000 domain. All client computers run Windows 2000 Professional and use DHCP for their network configuration. ISA Server is installed in firewall mode. All client computers are configured as SecureNAT clients.
To prevent access to unauthorized web sites and content, you delete the default site and content rule. You also create protocol rules that allow only company-approved protocols to be used.
Your company uses a custom front-end application to access a project coordination application, which is hosted on the internal networks of several partners. The application uses HTTP to access the web sites of your partners, and it uses TCP port 15002 to make its initial connection to the application. It then uses TCP ports 25002 through 26001 for secondary connections, as needed.
You create a custom definition to allow the application to make its initial connection and all secondary connections. You create a custom application filter to support all connections. You register the filter with the firewall service and enable it.
Users now report that they cannot access the project coordination application. Which two actions should you take to correct this problem? Each correct answer presents parts of the solution. (Choose two)
A. Create a new packet filters to allow application traffic in both directions.
B. Disable all packet filtering on the extemal interface of ISA Server.
-C. Create a site and content rule that allows users to access the web sites of your partners.
-D. Create a protocol rule that uses your custom protocol definition. This rule allows users to access the protocols used by the custom application.
E. Create a protocol rule that allows all lP traffic. This rule allows users to access the protocols used by the custom application.
51.)You are the administrator of an ISA server computer that is connected to the Internet. Your internal network consists of one Microsoft Windows 2000 domain. All client computers run either Windows 2000 Professional, Windows NT workstation 4.0, or Windows 98. All users are members of the domain.
You are planning the deployment of ISA server . You want to accomplish these goals:
-Allow all users to access Internet sites, except for members of the security group named Summer Workers.
-Allow a maximum of five computers to connect concurrently to Internet sites through the ISA server computer.
You need to configure ISA server to accomplish these goals. Which four actions should you take? Each correct answer resents part of the solution. (Choose four)
A. Configure the security settings on ISA server to deny permissions to summer workers.
-B. Create a new site and content rule that applies to Summer Workers and denies access to all
destinations.
-C. Create a new protocol rule that allows the use of the HTTP protocol.
D. Create a new lP packet filter that allows the use of the HTTP protocol.
-E. For outgoing web requests, allow a maximum of five connections.
F. For outgoing web requests, configure listeners individually per lP address. Use five different internal lP addresses.
-G. For outgoing web requests, ensure that unauthenticated users are asked for identification.
52.)You are the administrator of your company network. You install ISA Server with default settings on a network computer. This computer is configured with the W3C extended logging file format.
The next day you create a report job. You run the job immediately, but no Web-based report documents are generated. The default log directory contains log files.
You configure your ISA server computer to generate a daily report of application and web usage. However, when you view the report, it contains no data.
What should you do?
-A. Create a report job to be scheduled immediately. View the reports following morning.
B. Create a report job to be scheduled immediately. View the reports immediately.
C. Enable logging for the firewall service and the web proxy service. Create a report job to be scheduled immediately. Import the FWSEXTDyyyymmdd.log into an HTML editor.
D. Enable logging for the firewall service and the web proxy service. Change the logging format to the ISA Server file format. Import the WEBEXTDyyyymmdd.log into an HTML editor.
|