54.)You are the administrator of your company network. You install ISA server on the network to provide firewall services. Subsequently, network users report that they are receiving large amounts of unsolicited e-mail. On investigation, you discover that all the unsolicited e-mail is coming from the same Internet domain
You want to block all e-mail coming from this domain. What should you do?
A. Create a destination set and a site and content rule to prohibit access to this domain.
B. Create a protocol rule that allows only authorized users to use the SMTP (server) protocol.
C. Enable the POP intrusion detection filter to block e-mail access from this domain.
-D. Enable the SMTP filter and add this domain name to the list ofrejected domains.
55.)You are the administrator of your company network.You install and configure ISA Server with default settings on ISA-Server1 and ISA-Server2. You also install and con figure a modem on each server. Users at the main office can now access the Internet, but users at the bran ch office cannot.
You need to enable users in the bran ch office to access the Internet. You also need to configure ISA¬server2 to automatically connect to ISA-server1.
What should you do?
-A. Create a network dial-up connection named MainOffice on ISA-server2. Create a new dial-up entry on ISA-server2. Select MainOffice as the active network dial-up connection. Configure the default routing rule to use the dial-up entry for the primary route.
B. Create a network dial-up connection named MainOffice on ISA-server!. Create a new dial-up entry on ISA-server!. Select MainOffice as the active network dial-up connection. Configure the default routing rule to use the dial-up entry for the primary route.
c. Configure routing and remote access on ISA-Server2. Create and configure a dial-on-demand interface named MainOffice. Add a routing rule on ISA-server!.
D. Configure routing and remote access on ISA-Server!. Create and configure a dial-on-demand interface named MainOffice. Add a routing rule on ISA-server!.
56.)You are the administrator of your company network, which includes a single Microsoft Windows 2000 domain. Currently, the network does not run ISA Server. You plan to install ISA sever on a computer named serverl, which is a member server in the domain.
The ISA Schema initialization tool successfully updates the schema. However, when you run the ISA server setup on Serverl, you receive this error message:
Microsoft ISA Server Setup
This computer cannot join an errey until it is part of a Windows 2000 domain, and an updated ISA Server schema is installed in Adive Directory. If you continue with Setup now this computer will be installed as a stand alone server.
Do you want to continue?
You want to install server1 as the first member of an ISA server array. What should you do?
A. Stop the installation ofISA server. On the Windows 2000 domain controller, rerun the initialization tool to modify the Active Directory schema. Log on to server! as a local user with administrative privileges and the same credentials as the schema administrator. Rerun the ISA server setup.
B. Continue the installation ofISA server. After the installation is complete, log on to server! as the enterprise and schema administrator for the domain. Run msisaent.exe to modify the Active Directory schema.
-C. Stop the installation ofISA Server. Log on to server! with a domain account that is a member of the enterprise admins group. Rerun the ISA Server setup.
D. Stop the installation ofISA Server. Log on to server l as a member of the enterprise admins group and the schema admins group. Run dcpromo.exe to promote server! to a Windows 2000 domain controller. Rerun the ISA Server setup.
57.)You are the administrator for your company. You install ISA server on a network computer and
con figure a report job. You use an NTFS simple volume for logging and reporting. When you examine event viewer a month later, it reports that your disk is full.
You want ISA logging and reporting to continue to create log files, but you also want to limit the amount of disk space used by these files. Which two actions should you take? Each correct answer presents part of the solution. (Choose two)
-A. Configure the logging properties of the Web proxy service, the firewall service, and the packet filters to limit the number of log files.
B. Configure the logging properties of the Web proxy service, the firewall service, and the packet filters to use the ISA Server file format.
C. Configure the logging properties of the web proxy service, the firewall service, and the packet filters to create a new log monthly.
D. Configure logging properties of the web proxy service and the packet filters to use the W3C file format.
-E. Configure the logging properties of the web proxy service, the firewall service and the packet filters to use a logging format with the minimum number of fields.
58.)You administer an array ofISA server computers. This array makes your company's public web site available to Internet users.
The ISA server array has one web publishing rule for incoming web requests. Each array member is configured to use cache of 5 GB. The web servers use Network Load Balancing (NLB).
When you monitor network traffic between the ISA server array and the web servers, you notice that the same web objects are cached by more than one of the array members.
You need to configure your network so that the array behaves as one logical cache of 15 GB. What should you do?
A. Configure NLB on the extemal network adapter of the three array members.
B. Configure a single lP address for intra-array communication on each array member.
C. Configure a cache load factor of 100 for each array member.
D. Configure a routing rule on each array member to forward inbound requests to the other array members.
-E. Configure the array to resolve inbound web requests within the array before routing.
59.)You are the network administrator for your company. You install and con figure ISA server with default setting on a network computer. Users in your sales group con figure their e-mail software to download e¬mail from the Internet. However, when they try to send or receive e-mail, they cannot access e-mail servers on the Internet.
You need to con figure your ISA server computer to allow only the sales group to send and receive e-mail. What should you do?
-A. Create a SMTP protocol rule and POP3 protocol rule to allow extemal access. Configure each rule to include the sales group.
B. Create a SMTP server protocol rule and POP3 protocol rule to allow extemal access. Configure each rule to include the sales group.
C. Create and enable a DNS lookup packet filter to allow extemal access configure the packet filter to use port 53.
D. Create a new protocol rule for Internet access. Configure the rule to allow access for the sales group.
60.)You are the administrator of your company network. ISA-server2 is configured to allow inbound VPN connections. You create a VPN connection on VPN¬client1 to connect to ISA-server1. Now you need to allow the users ofVPN-client1 to access resources on the finance server.
What should you do?
-A. On ISA-serverl, enable lP routing and enable the PPTP lP protocol to pass through the firewall.
Configure VPN -clientl as a SecureNA T client.
B. On ISA-server2, enable lP routing and enable the PPTP lP protocol to pass through the firewall.
Configure VPN -clientl as a SecureNA T client.
C. Run the remote ISA VPN wizard on ISA-server!. Install the firewall client software on VPN-client1.
D. Run the remote ISA VPN wizard on ISA-server2. Install the firewall client software on VPN-client1.
61.)You are the administrator of your company's ISA server computer. Users need to connect to an internal Microsoft Windows 2000 Server computer named TSl, which runs Terminal services. TSl is configured
as a SecureNAT client. However, when you run the server publishing wizard, you cannot select the Terminal services protocol.
You need to configure your ISA server computer to provide external access to TSL What should you do?
A. Install the firewall client software on TS 1. Ensure that the mspcint.ini file is downloaded to the directory where the firewall client software is installed.
-B. Create a protocol definition for the remote desktop protocol. Specify the direction as inbound with no secondary connections.
C. Install the firewall client software on TS 1. Create a wspcfg.ini file for the remote desktop protocol settings. Place the file in the directory where the firewall client software is installed.
D. Create a protocol definition for the remote desktop protocol. Specify the direction as outbound and configure a secondary connection for TCP ports above 1042.
62.)You administer your company network, which includes an ISA server computer. This computer is connected to the Internet by means of a 56-Kbps dial-on-demand connection. You con figure routing and remote access to connect the network to your local ISP.
Using network monitor, you discover that daily network traffic over the 56-Kbps connection is nearing capacity. You need to configure ISA server to decrease the volume of HTTP traffic over this connection during working hours. You also need to allocate as much bandwidth as possible to users during working hours.
What should you do?
A. Create a new bandwidth rule for HTML documents and configure it with an inbound bandwidth priority of 100.
B. Create a new bandwidth rule for HTML documents and configure it with an inbound bandwidth priority of 10.
C. Schedule content downloads from frequently visited web sites to occur during working hours.
-D. Schedule content downloads from frequently visited web sites to occur during non-working hours
|