70-291 syngress ebook

I was requested to share this as I have recently passed the 70-291 exam and this is the book that I studied for the exam.

I have also got the simulations in this share
QUESTION 2:
You work as the network administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. All
domain controllers and servers on the Certkiller .com network run Windows Server
2003. Half the client computers run Windows XP Professional and the rest run
Windows NT 4.0 Workstation.
All users send confidential data to a database server named Certkiller -SR02.
Users access a custom financial application named App1 on Certkiller -SR02 to
add, modify, and remove data from a database named ProcessingDb on the server.
All users must be able to access ProcessingDb on Certkiller -SR02.
The new Certkiller ,com written security policy requires all traffic between servers
and client computers to be encrypted if possible. You must configure the IPSec
policy that will enforce the requirements of the new Certkiller ,com written security
policy. Your solution must not prevent any client computers from connecting to
Certkiller -SR02 and using ProcessingDb. You do not want to upgrade the
Windows NT 4.0 Workstations to Windows XP Professional.
What should you do? Choose two correct answers. Each correct answer presents
only part of the complete solution. Choose two.

Actualtest.org – The Power of Knowing
A. On Certkiller -SR02, assign the Server (Request Security) IPSec policy.
B. On Certkiller -SR02, assign the Secure Server (Require Security) IPSec policy.
C. On all client computers, assign the Server (Require Security) IPSec policy.
D. On all client computers, assign the Client (Respond Only) IPSec policy.
E. On all client computers, assign the Server (Request Security) IPSec policy.
Answer: A, D
Explanation: Because you currently have Windows NT 4.0 Workstation operating
system client computers on the network, you need to configure the Server (Request
Security) IPSec policy for Certkiller -SR02. Windows NT 4.0 Workstation client
computers do not support IPSec. Assigning the Server (Request Security) IPSec
policy for Certkiller -SR02 will result in Certkiller -SR02 requesting IPSec to be
used for data communications. If the other computer supports IPSec, secure data
communication will take place. If the other computer does not support IPSec,
Certkiller -SR02 will still allow unsecured communication with that computer.
Your Windows NT 4.0 Workstation client computers will therefore still be allowed
to establish unsecured data communications to Certkiller -SR02.
The Client (Respond Only) IPSec policy must be assigned to client computers. This will
result in client computers responding to IPSec requests from other computers who
request it. No client computers will initiate secure data communication.
Incorrect answers:
B: Because you currently have Windows NT 4.0 Workstation client computers on
the network, you cannot assign the Secure Server (Require Security) IPSec policy for
Certkiller -SR02. If you do, an unsecure connection will NOT be allowed to be
established from a Windows NT 4.0 Workstation client computer to Certkiller -SR02
because Certkiller -SR02 will only allow secure data communications.
C, E: You configure the Server (Require Security) IPSec policy and Server (Request
Security) IPSec policy on computers that you want to initiate secure data communication
with other computers.
QUESTION 2:
You work as the network administrator at CertKiller.com. The CertKiller.com
network consists of a single Active Directory domain named Certkiller .com. All
domain controllers and servers on the CertKiller.com network run Windows Server
2003 and all client computers run Windows XP Professional.
All servers are located in an organization unit (OU) named CertKillerServers and all
client computers are located in an organization unit (OU) named
CertKillerClientComputers. You receive instruction to secure data communications
by using IPSec. You must ensure that communication between client computers and
servers are encrypted. You must also ensure that all servers are secure from Denial
of Service (DoS) attacks using SYN packets.
You create a new Group Policy Object (GPO) named Secure. The Secure GPO
assigns a custom IPSec policy named Policy1. You link the Secure GPO to the

Actualtest.org – The Power of Knowing
CertKillerServers OU to ensure that all servers only allow secure data
communications. You also assign the Client (Respond Only) IPSec policy in the
Domain Security Policy GPO.
The Exhibit shows the current Filter Action Properties configured for Policy1:
Users complain that they cannot connect to any network servers. You investigate the
issue and discover that no users, including you, can access network servers that
reside in the CertKillerServers OU.
You need to ensure that all users can access network servers, while still ensuring
that secure data communications occur between client computers and servers. You
want to protect all servers from DoS attacks.
What should you do? (Each correct answer presents part of the solution. Choose
TWO.)
A. Create a custom IPSec policy.
Assign the custom IPSec policy to a GPO linked to the CertKillerClientComputers
OU.
B. Create a rule that negotiates security between client computers and your servers that
need to be secured.
C. Change the current IPSec policy applied to the CertKillerServers OU so that the Allow
unsecured communication with non-IPSec-aware computers option is enabled.
D. Create a rule that permits all traffic between client computers and your servers that
need to be secured.

Actualtest.org – The Power of Knowing
Answer: A, B
Explanation: The issue you have to that the Client (Respond Only) IPSec policy
assigned in the Domain Security Policy GPO sends connections attempts without
using IPSec. All servers that reside in the CertKillerServers OU are configured to
NOT allow unsecured communication connections. To resolve the issue, you need to
create a custom IPSec policy and assign the custom IPSec policy to a GPO linked to
the CertKillerClientComputers OU. You need to create a rule in the custom IPSec
policy that negotiates security between client computers and your servers that need
to be secured.
Incorrect answers:
C: If you enable the Allow unsecured communication with non-IPSec-aware
computers option, then you will be putting your servers at risk to DoS attacks. All your
client computers ARE IPSec-aware computers.
D: This will not result in the client computers initiating secure communications with your
servers.
QUESTION 3:
You work as the network administrator at CertKiller.com. The CertKiller.com
network consists of a single Active Directory domain named Certkiller .com. All
domain controllers and servers on the CertKiller.com network run Windows Server
2003, and all client computers run Windows XP Professional. A file server named
Certkiller -SR08 stores confidential financial data in numerous shared folders
hosted on the server.
The CertKiller.com written security policy only allows the following types of users to
access the confidential financial data on Certkiller -SR08:
1. Authenticated domain users.
2. Auditors of an external auditing company.
Auditors from the external auditing company will be using a dial-up connection to
access the data on Certkiller -SR08. You need to implement the configuration
which will meet the above mentioned requirements for accessing data on
Certkiller -SR08.
You create the following three policies:
1. FileServerPolicy, which you link to the relevant organizational unit (OU) in
Active Directory.
2. CertKillerClientPolicy, which you link to the relevant organizational unit (OU) in
Active Directory.
3. AuditorsClientPolicy, which you transmit to the external auditing company.
You need to configure the authentication method in each policy so that the
CertKiller.com written security policy is enforced. You do not want to issue any
unnecessary certificates to effect your requirements.
What should you do? (Each correct answer presents part of the solution. Choose
THREE.)

Actualtest.org – The Power of Knowing
A. Configure FileServerPolicy to support certificate-based authentication and Kerberos
authentication.
B. Configure CertKillerClientPolicy to use Kerberos authentication.
C. Configure CertKillerClientPolicy to use certificate-based authentication.
D. Configure AuditorsClientPolicy to use certificate-based authentication.
E. Configure AuditorsClientPolicy to use Kerberos authentication.
Answer: A, B, D
Explanation: IPSec can use Kerberos, a preshared key, or digital certificates for
authentication. The question states that you do NOT want to issue unnecessary
certificates to effect your requirements. You should therefore configure the
CertKillerClientPolicy used to authenticate your domain clients to utilize Kerberos
authentication, and you should configure theAuditorsClientPolicy used to
authenticate external auditors to utilize certificate-based authentication. Your
server, Certkiller -SR08 must be configured to support both types of
authentication. Certkiller -SR08 will negotiate security for each authentication
method configured for your different types of users.
Incorrect answers:
C: Because you want to minimize the number of certificates issued, you should use
Kerberos authentication for domain users.
E: External clients, like the auditors of the auditing company, cannot be authenticated by
using Kerberos authentication. Kerberos can only be used to authenticate domain clients.

CODE
hxxp://www.4shared.com/file/64401209/3aafe658/70-291_Simulation_Videos.html
hxxp://www.4shared.com/file/64401211/2d6f5f2b/eBookSyngress-MCSAMCSEExam70-291WinServer2003NetworkInfrastructureShareReactor.html

Free download:passguide Microsoft 70-291
Free download:passguide Microsoft 70-291

password:www.certbible.org

PassGuide Cisco Exams Questions & Training Materials

1. Free Download Latest 070-297 dumps from here…
2. Free VTC MSCE suite 70-284, 70-291, 70-294, 70-298, Vista
3. Free Testinside 70-291 Printable
4. Free Passguide microsoft Mcdba mcse 70-291 Exam
5. Free 70-284, 70-290, 70-291, 70-293 And 70-294, Windows Server 2003
6. Free Offer, Microsoft 70-290 shares
7. Free Microsoft PassGuide 70-350 v2 73 by Mohan 132q.vce
8. Free Preplogic 15 Min Study Guides(70-270,290,291 & 293), Good Before exams and Interview(70-620,622,623)
9. Free Download latest 070-290 Latest Testinside dumps & Video simulations from here…
10. Free Mcse mcsa 70-290/70-291 VCE & Sims
11. Free VTC Designing Active Directory For Windows Server 2003 (70-297)
12. Free MCSA/MCSE/MCDBA Self-Paced Training Kit: Microsoft SQL Server(TM) 2000 System Administration, Exam 70-228, Second Edition (Pro-Certification) (Paperback)