70-291 Resources
- Wednesday, June 11, 2008, 1:36
- Study Guide
Hope these links help people easily find the information they need to gain a better understanding of the material presented on the 70-291 exam. Good luck to everyone planning to take this exam in the future!
QUESTION 1:
Actualtest.org – The Power of Knowing
You work as the network administrator at Certkiller.com. The Certkiller.com
network consists of a single Active Directory domain named Certkiller.com. All
servers on the Certkiller.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkiller.com opens a new staff business college. The staff business college is located
in the Certkiller.com corporate headquarters building. You deploy a new application
server named Certkiller-SR23 on the Certkiller.com network. You install a new
custom application named TestApp1 on Certkiller-SR23. All course material is
accessible through TestApp1. You deploy 50 new Windows XP Professional client
computers at the staff business college. You connect each new client computer to the
local area network (LAN). None of the 50 new client computers in the staff business
college are domain members.
Currently, no public key infrastructure (PKI) is deployed in the Certkiller.com
domain. You must ensure that only authorized domain users can access TestApp1.
You do not want to incur any overhead that is not completely necessary to achieve
your goal.
What should you do to achieve your goal under these circumstances? Choose two
correct answers. Each correct answer presents a complete solution to resolving the
issue. Choose two.
A. Create a new IPSec policy.
Configure the IPSec policy so that Encapsulating Security Payload (ESP) using
Kerberos authentication is applied for all traffic to Certkiller-SR23.
B. Create a new IPSec policy.
Configure the IPSec policy so that Authentication Header (AH) using Kerberos
authentication is applied for all traffic to Certkiller-SR23.
C. Create a new IPSec policy.
Configure the IPSec policy so that Authentication Header (AH) using
certificate-based authentication is applied for all traffic to Certkiller-SR23.
D. Configure a new GPO to enable the Digitally sign client communication (always)
security policy setting.
Link the new GPO to the Certkiller.com domain.
Answer: B, D
Explanation: In Windows Server 2003, IPSec uses the Authentication Header (AH)
protocol and Encapsulating Security Payload (ESP) protocol to provide data
security. In your case, you only need to use AH. AH provides data authentication
and integrity, and can therefore be used on its own when data integrity and
authentication are relevant factors and confidentiality is not. With AH, a digital
signature is used to verify the identity of the sender of the information. IPSec can
use Kerberos, a preshared key, or digital certificates for authentication. Because
you do not have a PKI and you do not want to incur unnecessary expenses, you
should configure the IPSec policy so that Kerberos authentication is used.
Alternatively, you can enable the Digitally sign client communication (always) security
policy setting in a GPO that is linked to the domain. This will force all clients to sign all
client communications to Certkiller-SR23. The GPO has to be linked to the
Certkiller.com domain so that this is enforced for all clients.
Incorrect answers:
A: Authentication Header (AH) and Encapsulating Security Payload (ESP) can be
used separately, or together. ESP ensures data confidentiality through encryption, data
integrity, data authentication, and other features that support optional anti-replay
services. To ensure data confidentiality, a number of symmetric encryption algorithms
are used. You do not need to encrypt data being sent to and from Certkiller-SR23.
Encryption results in additional overhead on each packet.
C: You cannot use certificate-based authentication because this method of authentication
is dependent on a PKI implementation. You would have to first deploy a PKI, which
would result in additional expenses.
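The AH-versus-ESP distinction in the explanation above can be checked in a packet capture. The following Python is an added example, not part of the original study guide: it classifies raw IPv4 packets by IP protocol number (51 for AH, 50 for ESP) and shows that data protected only by AH stays readable. The sample packets, addresses and SPI values are constructed for illustration.

```python
import struct

IPPROTO_ESP, IPPROTO_AH = 50, 51  # IANA protocol numbers

def classify_ipsec(packet: bytes) -> dict:
    """Report which IPsec protection (if any) a raw IPv4 packet carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    if proto == IPPROTO_AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        # AH: next header, length in 32-bit words minus 2, reserved, SPI, sequence
        nxt, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4
        if ah_len < 12 or len(body) < ah_len:
            raise ValueError("truncated AH integrity check value")
        # AH authenticates but does not encrypt: inner protocol and data are visible.
        return {"protection": "AH", "spi": spi, "seq": seq, "inner_proto": nxt,
                "icv": body[12:ah_len], "cleartext": body[ah_len:]}
    if proto == IPPROTO_ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        # ESP: only SPI and sequence are readable; the rest is opaque, normally encrypted.
        spi, seq = struct.unpack("!II", body[:8])
        return {"protection": "ESP", "spi": spi, "seq": seq, "inner_proto": None,
                "icv": None, "cleartext": None}
    return {"protection": "none", "spi": None, "seq": None, "inner_proto": proto,
            "icv": None, "cleartext": body}

def non_ah_packets(packets):
    """Indexes of packets that do not match an AH-only policy."""
    return [i for i, p in enumerate(packets) if classify_ipsec(p)["protection"] != "AH"]

def _ipv4(proto: int, body: bytes) -> bytes:
    # Constructed 20-byte IPv4 header; checksum left at zero (not validated above).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 128, proto, 0,
                       bytes([10, 0, 0, 5]), bytes([10, 0, 0, 23])) + body

# Constructed samples: AH with a 12-byte ICV over TCP-labelled data, ESP, and plain TCP.
SAMPLE_AH = _ipv4(51, struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + b"\xaa" * 12 + b"TestApp1 data")
SAMPLE_ESP = _ipv4(50, struct.pack("!II", 0x2002, 1) + b"\x5c" * 24)
SAMPLE_PLAIN = _ipv4(6, b"TestApp1 data")

if __name__ == "__main__":
    for name, pkt in [("AH", SAMPLE_AH), ("ESP", SAMPLE_ESP), ("plain", SAMPLE_PLAIN)]:
        print(name, classify_ipsec(pkt))
```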
QUESTION 2:
You work as the network administrator at CertKiller.com. The CertKiller.com
network consists of a single Active Directory domain named Certkiller.com. All
servers on the CertKiller.com network run Windows Server 2003 and all client
computers run Windows XP Professional. The CertKiller.com network is segmented
into two subnets named CertKillerSubnet1 and CertKillerSubnet2 respectively.
All IT staff have client computers in CertKillerSubnet1 and all users reside in
CertKillerSubnet2. A firewall is configured to allow the following types of traffic
between CertKillerSubnet1 and CertKillerSubnet2:
1. Hypertext Transfer Protocol (HTTP)
2. Simple Mail Transfer Protocol (SMTP)
3. Post Office Protocol (POP3)
All users must start requesting and receiving remote assistance from IT staff in
CertKillerSubnet1. You receive instruction to configure the firewall as follows:
1. Enable users in CertKillerSubnet2 to request and receive remote assistance from
IT staff in CertKillerSubnet1.
The CertKiller.com written security policy does not allow users in CertKillerSubnet2
to establish Remote Desktop connections with client computers in CertKillerSubnet1.
You need to configure the firewall to implement your instructions, while still
enforcing the requirements of the CertKiller.com written security policy.
How should you configure the firewall? (Each correct answer presents part of the
solution. Choose TWO.)
A. Configure the firewall to allow port 3389 for outgoing packets.
B. Use Windows Messenger to send requests.
C. Configure the firewall to allow port 3389 for incoming packets.
D. Use e-mail messages to send requests.
E. Configure the firewall to allow port 23 for outgoing packets.
Answer: A, B
Explanation: Because your administrators need to receive and respond to remote
assistance requests from users, you have to configure the firewall to allow port 3389
for outgoing packets. This is the port used by Windows Messenger to request
remote assistance connections. Because all requests for remote assistance will be
passing through the firewall, users need to use Windows Messenger to send their
requests.
Incorrect answers:
C: If you allow incoming requests on port 3389, you will be allowing your users to
connect to computers in CertKillerSubnet1.
D: E-mail messages can only be used if the firewall is configured to allow incoming
packets on port 3389.
E: This is unnecessary because port 23 is used by Telnet, and Remote Assistance
does not use Telnet.
QUESTION 3:
You work as the network administrator at Certkiller.com. The Certkiller.com
network consists of a single Active Directory domain named Certkiller.com. All
servers on the Certkiller.com network run Windows Server 2003. All client
computers, other than five, run Windows XP Professional. The five client computers
run Windows 98. The five client computers are part of a workgroup.
Each financial year end, Certkiller.com employs a number of accounting temporary
staff to assist in the financial department. Each year, the accounting temporary staff
uses the five Windows 98 client computers to perform their assigned tasks.
You receive instruction to ensure that all IT support personnel can offer remote
assistance to the accounting temporary staff for their first week of employment. All
IT support personnel have user accounts in a global security group named
SupportPersonnel. The IT support personnel must also be able to respond to remote
assistance requests from the accounting temporary staff. You upgrade the five
Windows 98 client computers to Windows XP Professional and then add the new
Windows XP Professional client computers to the Certkiller.com domain.
What else should you do? Choose two correct answers. Each correct answer
presents only part of the complete solution. Choose two.
A. On the accounting temporary staff client computers, enable the Solicited Remote
Assistance policy and Offer Remote Assistance policy.
B. On the IT support personnel staff client computers, enable the Offer Remote
Assistance policy.
C. Add the SupportPersonnel security group to the Remote Desktop Users group on the
accounting temporary staff client computers.
D. Add the SupportPersonnel security group to the local Administrators group on the
accounting temporary staff client computers.
Answer: A, D
Explanation:
You need to configure the client computers of the accounting temporary staff to
support solicited and unsolicited remote assistance. This means that you have to
enable both the Solicited Remote Assistance policy and Offer Remote Assistance
policy on the five client computers used by the temporary staff. To allow IT support
personnel to offer remote assistance to the new temporary staff, the IT support
personnel must be members of the local Administrators group on the temporary
user’s client computers. Because all IT support personnel have accounts in the
SupportPersonnel security group, you only have to add this group to the local
Administrators group on the accounting temporary staff client computers.
Incorrect answers:
B: If you enable the Offer Remote Assistance policy on the client computers of the IT
support personnel, you will be allowing users to offer remote assistance to these
computers. This should not be allowed.
C: Nothing is mentioned about IT support personnel using Remote Desktop
connections for administrative purposes.
DNS
http://technet2.microsoft.com/windowsserver/en/technologies/featured/dns/default.mspx (Technical Library)
http://207.46.196.114/windowsserver/en/library/19a63021-cc53-4ded-a7a3-abaf82e7fb7c1033.mspx?mfr=true (How DNS Works)
http://www.zytrax.com/books/dns/ (DNS Reference)
http://support.microsoft.com/kb/291382 (Q&A)
http://support.microsoft.com/kb/811118 (Webcast on Conditional Forwarding and Stub Zones)
http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm (Configuring Server 2003 DNS)
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html (Conditional Forwarding)
http://technet2.microsoft.com/WindowsServer/en/library/a3cf0184-0594-4e78-8247-609f038434381033.mspx?mfr=true (Forwarding)
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html (Stub Zones)
http://www.comptechdoc.org/os/windows/wintcp/wtcpname.html (Order of name resolution)
http://technet2.microsoft.com/WindowsServer/en/library/26aa93c2-4d61-4476-9eb9-7e6b5ecd2f431033.mspx?mfr=true (Name Resolution)
IPSEC
http://blogs.msdn.com/James_Morey/
http://technet2.microsoft.com/WindowsServer/en/library/6ea5e4b9-13a3-48bc-bb2e-0f801501c5f51033.mspx?mfr=true
http://www.unixwiz.net/techtips/iguide-ipsec.html (Very good detail oriented site regarding IPSEC technologies)
http://technet2.microsoft.com/WindowsServer/en/library/207e34c8-f715-4aa8-8f26-e06bd1eca8081033.mspx?mfr=true (Adding, Removing, Modifying filters)
http://technet2.microsoft.com/WindowsServer/en/library/6ea5e4b9-13a3-48bc-bb2e-0f801501c5f51033.mspx?mfr=true (What’s new in Server 2003 IPSEC)
http://www.microsoft.com.nsatc.net/technet/network/ipsec/ipsecfaq.mspx (FAQ)
Routing and Remote Access
http://www.microsoft.com/technet/network/rras/default.mspx (RRAS Home Page)
http://technet2.microsoft.com/WindowsServer/en/library/fc353fbb-4df4-4b36-b14a-20cbbad434941033.mspx?mfr=true (Introduction to Remote Access Policies)
http://computerperformance.co.uk/w2k3/services/DHCP_Relay_Agent.htm (DHCP Relay Agent)
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html (Configuring NAT)
http://technet2.microsoft.com/WindowsServer/en/library/a7a09a2c-8ec1-48fb-85f0-6363e42fd7801033.mspx?mfr=true (Configure RIP)
http://technet2.microsoft.com/WindowsServer/en/library/a7a09a2c-8ec1-48fb-85f0-6363e42fd7801033.mspx?mfr=true (Configure OSPF)
http://technet2.microsoft.com/WindowsServer/en/library/29cde9b2-3ccd-41b6-a5ea-d17397e55aee1033.mspx?mfr=true (Configure PPTP)
http://technet2.microsoft.com/WindowsServer/en/library/504b979d-1aec-4ad6-b091-fb24fa9311c41033.mspx?mfr=true (Configure L2TP)
(W)SUS
http://www.wsuswiki.com/ (Repository of (W)SUS Information)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3BA03939-A5A9-407B-A4B0-1290BA5182F8&displaylang=en (Official Documentation for WSUS)
http://www.microsoft.com/windowsserversystem/updateservices/default.mspx (WSUS Home Page)
DHCP
http://www.windowsnetworking.com/articles_tutorials/DHCP_Server_Windows_2003.html (Tutorial on Installation)
http://technet2.microsoft.com/WindowsServer/en/library/3967ddab-0b28-4959-8b4d-3052c178731b1033.mspx?mfr=true (Superscopes)
http://www.shudnow.net/2007/11/20/dhcp-scope-vs-superscope/ (Scope Vs Superscope)
http://technet2.microsoft.com/WindowsServer/en/library/252b4139-6a25-41c6-906e-812731d9475e1033.mspx?mfr=true (Back up database)
http://computerperformance.co.uk/w2k3/services/DHCP_Relay_Agent.htm (DHCP Relay Agent)
http://technet2.microsoft.com/WindowsServer/en/library/978d0fa4-b5a4-4d12-82e0-7832b1ddb1b11033.mspx?mfr=true (Best Practices, How to, Concepts, Troubleshooting, Checklists, Etc.)
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncb_dhc_lwvd.mspx?mfr=true (Managing DHCP Options)
Subnetting
http://support.microsoft.com/kb/164015 (Understand TCP/IP and Subnetting Basics)
http://www.learntosubnet.com/
http://www.techexams.net/forums/viewtopic.php?t=16824
http://www.techexams.net/forums/viewtopic.php?t=18425
http://www.techexams.net/forums/viewtopic.php?t=21227
Miscellaneous
http://support.microsoft.com/kb/816592 (Configure Dynamic DNS with or without DHCP)
http://technet.microsoft.com/en-us/network/bb643123.aspx (IAS/Radius)

