QUESTION NO: 150
You are the administrator of TestKing’s network, which consist of a single Windows 2000 domain. The relevant portion of its configuration is shown in the exhibit.
RAS1 is a Windows 2000 Server computer running routing and remote access. Your firewall is a hardware-based firewall solution that supports port filtering and General routing Encapsulation packet editing. All computers on your internal subnet use private IP addresses in the 10xxx range. The firewall provides network address translation for Internet access. Company employees must be able to use the Internet to connect to your internal subnet. You need to ensure that the connections are as secure as possible.
Which three courses of action should you perform? (Each correct answer presents part of the solution. Choose three)
A. Configure the client computers to dial in to RAS1 by using an L2TP virtual private network. Configure RAS1 to accept L2TP connections.
B. Configure the client computers to dial in to RAS1 by using a PPTP virtual private network. Configure RAS1 to accept PPTP connections.
C. Configure the firewall to route incoming traffic on the PPTP port to RAS1
D. Configure the firewall to route incoming traffic on the L2TP port to RAS1
E. Configure the firewall to edit the GRE call ID on incoming GRE packets
F. Install a server encryption certificate on RAS1
Answer: B, C, E
Explanation:
B: The firewall provides network address translation. This makes it impossible to use L2TP/IPSec since IPSEC changes the IP headers. We cannot use the L2TP protocol since it would not provide any security, which is a requirement. So the clients and the RAS server must be configured to use PPTP.
C: PPTP use port 1723 for maintenance traffic. Incoming traffic in this port should be routed to RAS1.
E: If we are using a PPTP tunnel, then we can place our VPN server behind the firewall if the firewall supports GRE packet editing, which is the case in this scenario. Unlike the TCP and IP protocols, which communicate on ports, the GRE protocol uses "call ID numbers" to establish sessions.
Reference: Technet: VPNs and Network Address Translators
Incorrect Answers:
A: L2TP/IPSEC cannot be used in connection with NAT.
D: There are no L2TP ports to be configured on the firewall. We must use PPTP not L2TP or L2TP/IPSec.
F: PPTP includes encrypted tunneling. Installing a server encryption certificate would not improve the
encryption of the tunnel.
You are the administrator of TestKing’s network, which consist of a single Windows 2000 domain. The relevant portion of its configuration is shown in the exhibit.
RAS1 is a Windows 2000 Server computer running routing and remote access. Your firewall is a hardware-based firewall solution that supports port filtering and General routing Encapsulation packet editing. All computers on your internal subnet use private IP addresses in the 10xxx range. The firewall provides network address translation for Internet access. Company employees must be able to use the Internet to connect to your internal subnet. You need to ensure that the connections are as secure as possible.
Which three courses of action should you perform? (Each correct answer presents part of the solution. Choose three)
A. Configure the client computers to dial in to RAS1 by using an L2TP virtual private network. Configure RAS1 to accept L2TP connections.
B. Configure the client computers to dial in to RAS1 by using a PPTP virtual private network. Configure RAS1 to accept PPTP connections.
C. Configure the firewall to route incoming traffic on the PPTP port to RAS1
D. Configure the firewall to route incoming traffic on the L2TP port to RAS1
E. Configure the firewall to edit the GRE call ID on incoming GRE packets
F. Install a server encryption certificate on RAS1
Answer: B, C, E
Explanation:
B: The firewall provides network address translation. This makes it impossible to use L2TP/IPSec since IPSEC changes the IP headers. We cannot use the L2TP protocol since it would not provide any security, which is a requirement. So the clients and the RAS server must be configured to use PPTP.
C: PPTP use port 1723 for maintenance traffic. Incoming traffic in this port should be routed to RAS1.
E: If we are using a PPTP tunnel, then we can place our VPN server behind the firewall if the firewall supports GRE packet editing, which is the case in this scenario. Unlike the TCP and IP protocols, which communicate on ports, the GRE protocol uses "call ID numbers" to establish sessions.
Reference: Technet: VPNs and Network Address Translators
Incorrect Answers:
A: L2TP/IPSEC cannot be used in connection with NAT.
D: There are no L2TP ports to be configured on the firewall. We must use PPTP not L2TP or L2TP/IPSec.
F: PPTP includes encrypted tunneling. Installing a server encryption certificate would not improve the
encryption of the tunnel.
201
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
