通过电话号码限制远程拔号数量

QUESTION NO: 206

You are the administrator of a Windows 2000 domain. The domain has a Windows 2000 member server computer named TestKingA. Routing and Remote Access is enabled for remote access on DeskA. Your company is organizing an industry trade show in a conference center. You have set up 15 desks and telephones in the conference area. During the conference, attendees will be allowed to dial in to your network by using any of the 15 telephones. Each telephone line has its own telephone number.
The conference attendees can use their own portable computers to dial in. When attendees dial in to TestKingA, they do not need to specify a user name or password. However, you do not want to allow dial-in access from any telephone other than the 15 telephones in the conference area. You enable unauthenticated access on the TestKingA remote access server. You also create a remote access policy named Conference that allows unauthenticated access as the authentication method. Attendees report that they are not able to dial in unless they specify a user name and password. You want to ensure that
attendees can dial in without specifying a user name and password. What should you do?

A. Create a user account named Conference Guest. Configure Routing and Remote Access to use the
    Conference Guest account as the default user identity.
B. Configure the Conference Guest account to use the 15 phone numbers as Caller ID. Create 15 user accounts named Conf-1, Conf-2, Conf-3, and so on through Conf-15. Specify a separate Caller ID phone number for each of the 15 users.
C. Create 15 user accounts that use each phone number as the user name. Configure Routing and Remote Access to use the calling number as the authentication identity.
D. Configure the Conference remote access policy so that it has a Calling-Station ID condition. Use the
15 phone numbers as the condition


Answer: C
Explanation: 呼叫号码能被用来验证,远程用户不必提供任何信任.
Automatic Number Identification/Calling Line Identification (ANI/CLI) authentication is the authentication of a
connection attempt based on the phone number of the caller.

ANI/CLI 服务返回呼叫方的号码给接收方, 这种方式被大多数标准的电话公司支持. In ANI/CLI authentication, a user name and password are not sent.

Incorrect Answers:
A: The user accounts should have the telephone numbers as user names.
B: We want to avoid the need to a supply user name and password. In caller ID authorization, the caller sends a valid user name and password. The caller ID that is configured for the dial-in property on the user account must match the connection attempt; otherwise, the connection attempt is rejected.
D: The calling-station ID condition would allow the calling-station to connect. However, the connecting use still needs to be authenticated and therefore a username and password would still be required.