LAB 6

REVIEW QUESTIONS
1. In Exercise 6-2, which tunneling protocol did the VPN client on Computeryy use to
establish a connection to the remote access server? How can you tell?
The client uses PPTP to establish the VPN connection. You can tell by looking at the
Ports listing in the Routing and Remote Access console and noting that one of the
WAN Miniport (PPTP) ports is active.
2. In Exercise 6-3, what would be the result if you also selected the Use Extensible
Authentication Protocol (EAP) in the Advanced Security Settings dialog box on the client
computer?
There would be no change in the result because the server is not configured to use
EAP.
3. In Exercise 6-4, what would be the result if you used the Administrator account to
connect to the remote access server instead of the George Benwell account?
The Administrator account would not be able to connect to the server either,
because it also lacks the permissions needed.
LAB 7
LAB REVIEW QUESTIONS
1. In light of the modifications you made to the default domain policy settings in Lab 1,
what would be the result if, in Exercise 7-3, you modified the Password Policy settings in
the Maximum DC Security template and then proceeded to deploy the template in the
manner described in Exercise 7-4?
The Password Policy settings applied to the Domain Controllers container object
would take effect unless there was a defined password policy in the Default Domain
Policy.
2. In Exercise 7-3, why was it necessary to delete all of the entries in the Registry and
File System nodes of the Maximum DC Security template?
Because you later deployed that template by importing it into a GPO, and the large
number of existing registry and file system settings would be added to the template
settings and would also generate a great deal of Active Directory traffic on the
network.
3. What would be the result if, in Exercise 7-4, you imported the Maximum DC Security
template into the Default Domain Controllers Policy GPO instead of creating a new GPO
(assuming that you left the Clear This Database Before Importing check box unselected)?
The settings in the template would overwrite any existing settings for the same
policies in the Default Domain Controllers Policy GPO. The end result to the
computers would be exactly the same as when the two GPOs were applied in
succession.
4. What Secedit.exe command would you use in Exercise 7-5 to apply only the Account
Lockout Policy settings from the Workstation.inf template to the computer?
Secedit /configure /db workstation.sdb /cfg workstation.inf /areas SECURITYPOLICY /log workstation.log
5. What would be the result if, in Exercise 7-4, you imported the Maximum DC Security
template into the Default Domain Policy GPO instead of the Default Domain Controllers
Policy GPO?
The settings in the template would be applied to all of the computers in the domain.
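Related to question 4 above: /areas SECURITYPOLICY selects the template's whole security policy area, which also holds password, audit and security-option settings. The following added example (not part of the lab material) builds a copy of a template that carries only the three Account Lockout Policy keys; the sample template text and the output file name lockout-only.inf are constructed for illustration.

```python
import configparser

# Account Lockout Policy keys stored under [System Access] in a security template.
LOCKOUT_KEYS = ("LockoutBadCount", "ResetLockoutCount", "LockoutDuration")
# Header sections every security template carries.
HEADER_SECTIONS = ("Unicode", "Version")

# Constructed sample standing in for Workstation.inf (not the lab's actual file).
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = 30
[Event Audit]
AuditLogonEvents = 3
"""

def lockout_only(template_text):
    """Return template text holding only the header and the lockout keys."""
    parser = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=(";",),
        allow_no_value=True, strict=False)
    parser.optionxform = str  # keep key names exactly as written
    parser.read_string(template_text)
    out = []
    for section in HEADER_SECTIONS:
        if parser.has_section(section):
            out.append(f"[{section}]")
            out.extend(f"{k}={v}" for k, v in parser.items(section))
    wanted = {k.lower() for k in LOCKOUT_KEYS}
    kept = []
    if parser.has_section("System Access"):
        kept = [(k, v) for k, v in parser.items("System Access")
                if k.lower() in wanted]
    if not kept:  # refuse to emit a template that would configure nothing
        raise ValueError("template defines no Account Lockout Policy keys")
    out.append("[System Access]")
    out.extend(f"{k} = {v}" for k, v in kept)
    return "\r\n".join(out) + "\r\n"

if __name__ == "__main__":
    # Security templates are normally saved as UTF-16 text.
    with open("lockout-only.inf", "w", encoding="utf-16", newline="") as fh:
        fh.write(lockout_only(SAMPLE_TEMPLATE))
```

The reduced file can then be passed to the same Secedit command in place of workstation.inf.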
LAB 8
LAB REVIEW QUESTIONS
1. In Exercise 8-1, why was it necessary to move the Computeryy object to an OU before
you could apply software restriction policies to it?
Because the default Computers container is not an OU and cannot have GPOs
applied to it.
2. Assuming that you do not have the permissions needed to create a new OU and move
the Computeryy object, what other method could you use to test your software restriction
policies on Computeryy?
You could configure the security restriction policies directly in the computer’s Local
Security Settings console.
3. In Exercise 8-4, why was Computerxx unable to connect to the Web server running on
the local computer?
Because you did not add the IP address of Computerxx to the list of granted
addresses in the IP Address And Domain Name Restrictions dialog box.
LAB 9
LAB REVIEW QUESTIONS
1. In Exercise 9-4, why is it preferable to clear the Network Authentication (Shared
Mode) check box?
Because using the WEP secret key for authentication makes it easier for intruders to
gather information about the key and eventually penetrate it.
2. In Exercises 9-3 and 9-4, what capability does the Enable Fast Reconnect check box
provide to wireless network users?
With Fast Reconnect enabled, a wireless client can roam from one access point to
another without having to re-authenticate each time.
3. In Exercise 9-3, you selected Protected EAP as the authentication method for the
wireless network. What would you need before you could use a different authentication
method?
Certificates and (optionally) smart cards and card readers on the client computers.
4. In Exercise 9-4, how does selecting Access Point (Infrastructure) Networks Only in the
Networks To Access drop-down list enhance the security of the network?
Limiting access to infrastructure networks only prevents users from creating their
own ad hoc wireless connections.
5. In Exercise 9-4, how does clearing the Automatically Connect to Non-Preferred
Networks check box enhance the security of the network?
Denying connections to non-preferred networks prevents users from connecting to
any wireless networks other than those specifically listed in the policy.
LAB 10
LAB REVIEW QUESTIONS
1. In Exercise 10-2, what would be the result if you typed computerxx in the Common
Name text box instead of computerxx.domainxxyy.contoso.com?
Users would have to connect to the Web site using the URL https://computerxx to
avoid receiving a certificate mismatch error message, instead of
https://computerxx.domainxxyy.contoso.com.
2. In Exercise 10-3 and Exercise 10-4, why is it necessary to submit the request for the
server certificate through the Web enrolment home page and manually issue the
certificate using the Certification Authority console?
Because the certification authority that is issuing the certificate is a standalone CA
and does not support auto enrolment.
3. How could the process of obtaining a certificate for the Web server be streamlined if
the certification authority were an enterprise CA instead of a stand-alone CA?
With an enterprise CA, it would be possible to submit the certificate request
immediately through the Web Server Certificate Wizard, instead of saving it to a
file and submitting it manually. The enterprise CA would also be able to
automatically issue the certificate with no manual intervention from an
administrator.
NOTE: To overcome the problems with generating the request for a certificate from
Computeryy, you must either:
1) Uninstall certificate services from Computerxx
2) Change the type of certificate on Computerxx from Enterprise CA to either
Enterprise Subordinate CA or Stand-Alone CA
Since Computeryy is a member server of Computerxx’s domain and Computerxx is
running Enterprise CA services, Computerxx (as the domain controller) was unable
to request a certificate from an untrusted source (Computeryy).