Testinside 70-291 Printable

I am offering the PRINTABLE version of TestInside 70-291.

QUESTION 1:
You work as the network administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. All
servers on the Certkiller .com network run Windows Server 2003 and all client
computers run Windows XP Professional.
The Certkiller .com network contains a perimeter network. The Certkiller .com public
Web site is hosted on a Web server named Certkiller -SR05. Certkiller -SR05
resides on the perimeter network. The SNMP service runs on Certkiller -SR05. A
client computer named Certkiller -WS529 resides on the internal network, and
has the SNMP management console installed.
The perimeter network resides between two firewalls. One firewall resides between
the internal network and perimeter network, and the other firewall resides between
the perimeter network and the Internet. The internal firewall permits SNMP traffic.
You receive instructions to secure SNMP-based communication between the SNMP
management console on Certkiller -WS529 and Certkiller -SR05. No

Actualtest.org – The Power of Knowing
unauthorized users should be allowed to communicate with Certkiller -SR05 by
using SNMP. You cannot purchase new hardware or software in your solution to
secure SNMP traffic between the Certkiller -WS529 and Certkiller -SR05.
What should you do?
A. Use IPSec encryption to secure SNMP traffic between Certkiller -WS529 and
Certkiller -SR05.
B. Configure the SNMP service on Certkiller -SR05 to accept SNMP packets from only
Certkiller -WS529.
C. Modify all communities that are accepted on Certkiller -SR05 so that they are
Read-only.
D. Place Certkiller -SR05 and Certkiller -WS529 in the same SNMP community.
Answer: A
Explanation:
IPSec encryption should be used to secure SNMP traffic between the SNMP
management console on Certkiller -WS529 and Certkiller -SR05. SNMP is
regarded as being one of the most insecure protocols, because SNMP
communications are sent in a clear-text format. This makes SNMP susceptible to
brute force attacks. Here, the attacker initiates a brute force attack to find the
SNMP community names so that he/she can determine the devices and services
running on the network. You should create a custom IPSec policy and then assign it
to Certkiller -WS529 and Certkiller -SR05. To secure SNMP traffic, the IPSec
policy should be configured to require securityand drop unsecured traffic.
Incorrect answers:
B: The SNMP service on Certkiller -SR05 must be configured to accept SNMP packets
from only Certkiller -WS529. However, SNMP is an insecure protocol that passes data
in cleat-text.
C: If all communities that are accepted on Certkiller -SR05 are Read-only, then no
SNMP management data can be passed to the server.
D: To enable Certkiller -WS529 and Certkiller -SR05 to communicate using SNMP,
both computers have to reside in the same SNMP community.
QUESTION 2:
You work as the network administrator at CertKiller.com. The CertKiller.com
network consists of a single Active Directory domain named Certkiller .com. All
servers on the CertKiller.com network run Windows Server 2003. Half the client
computers run Windows XP Professional and the rest run Windows NT 4.0
Workstation.
CertKiller.com has headquarters in London and a branch office in Berlin. Only the
Berlin branch office has Windows NT 4.0 Workstation client computers. All client
computers at the London headquarters run Windows XP Professional. A server
named Certkiller -SR07 is configured as the remote access server at the London

Actualtest.org – The Power of Knowing
headquarters and a server named Certkiller -SR12 is configured as the remote
access server at the Berlin branch office. A persistent VPN connection connects
Certkiller -SR07 and Certkiller -SR12. The computers at each CertKiller.com
office location pass confidential company information to computers at the other
office location.
You receive instruction to secure data communications between the two
CertKiller.com offices by providing data confidentiality. You want to use the most
secure form of encryption to encrypt data between Certkiller -SR07 and
Certkiller -SR12, and for communications between client computers and the
servers. You cannot purchase new hardware or software to accomplish your task.
What should you do? (Each correct answer presents part of the solution. Choose
TWO.)
A. Assign the Server (Request Security) IPSec policy to Certkiller -SR07 and
Certkiller -SR12.
B. For the VPN connection between Certkiller -SR07 and Certkiller -SR12, use L2TP
over IPSec as the tunneling protocol.
C. Assign the Server (Require Security) IPSec policy to Certkiller -SR07 and
Certkiller -SR12.
D. Assign the Client (Respond Only) IPSec policy to Certkiller -SR07 and
Certkiller -SR12.
E. For the VPN connection between Certkiller -SR07 and Certkiller -SR12, use PPTP
as the tunneling protocol.
Answer: A, B
Explanation: With the Secure Server (Request Security) IPSec policy, the computer
that has the policy assigned initiates secure data communication. If the other
computer supports IPSec, secure data communication will take place. If the other
computer does not support IPSec, the computer will allow unsecured
communication with that computer. Because the branch office has Windows NT 4.0
client computers, and because all client computers must be able to access all servers,
you have to assign the Secure Server (Request Security) IPSec policy to each remote
access server. Windows NT 4.0 does not support IPSec, and assigning the Secure
Server (Request Security) will result in all client connections that support IPSec to
be secured, while still allowing non-IPSec connections with Windows NT 4.0 client
computers.
When L2TP is used with IPSec, the highest level of security is assured. This includes
data confidentiality and integrity, data authentication, as well as replay protection. IPSec
protects the packets of data and therefore provides security on insecure networks such as
the Internet
Incorrect answers:
C: The Server (Require Security) IPSec policy cannot be assigned to
Certkiller -SR07 and Certkiller -SR12, because all data communications with
Windows NT 4.0 client communications will NOT be allowed.
D: The Client (Respond Only) IPSec policy results in the computer assigned the policy

Actualtest.org – The Power of Knowing
never initiating secure data communication. The computer only responds to IPSec
requests from other computers who request it. The Client (Respond Only) IPSec policy
should be assigned to client computers.
E: You should not use Point-to-Point Tunneling Protocol (PPTP) because one of your
requirements is to use the most secure form of encryption. L2TP over IPSec is more
secure than PPTP.
QUESTION 3:
DRAG DROP
You work as the network administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. All
servers on the Certkiller .com network run Windows Server 2003 and all client
computers run Windows XP Professional. All servers and client computers have the
latest service packs installed.
The updated Certkiller .com securitypolicy requires IPSec to be used to secure data
communications between Certkiller .com’s client computers and servers.
You need to configure IPSec to provide for data confidentiality and data integrity.
Your IT manager instructs you to minimize any poor performance impact that
could occur when you assign IPSec policies to Certkiller .com’s computers to secure
data communications.
What should you do? Answer by selecting the methods you should use to provide
data confidentiality and data integrity in the left pane, and adding it to the
appropriate location in the right pane.
Answer:
Explanation:
IPSec ensures data confidentiality by applying encryption algorithms to data before it is
sent over the network. 3DES uses three 56-bit keys for encryption, and is the most secure
method for encrypting data. Data is encrypted with one key, decrypted with another key,
and encrypted again with a different key. DES is the default encryption algorithm used in
Windows Server 2003. DES uses one 56-bit key to encrypt data. You should use DES

Actualtest.org – The Power of Knowing
because one of your requirements is to minimize any poor performance impact. DES
has less of a performance impact on computers whereon it is assigned to encrypt data.
A hashing algorithm is used to ensure that the data is not modified as it is passed over the
network. The hashing algorithms which can be used by IPSec are Message Digest (MD5)
and Secure Hash Algorithm 1 (SHA1). While SHA1 uses a 160-bit secret key to generate
a 160-bit message digest which provides more security than MD5; it uses more resources
to calculate the hash than MD5. MD5 uses a one-way hash that results in a 128-bit hash
which is used for integrity checguide. You should therefore use MD5 to minimize any
poor performance impact on your computers.
RC4 uses a streaming encryption algorithm with variable key sizes to encrypt PPTP VPN
connections.

Free download:passguide Microsoft 70-291
Free download:passguide Microsoft 70-291

password:www.certbible.org

Download:

http://rapidshare.com/files/41626218/TestInside70-291.pdf.html

PassGuide Cisco Exams Questions & Training Materials

1. Free Download latest 070-290 Latest Testinside dumps & Video simulations from here…
2. Free Download Latest 070-297 dumps from here…
3. Free 70-291 syngress ebook
4. Free Microsoft PassGuide 70-350 v2 73 by Mohan 132q.vce
5. Free testinside 70-270 In Vce
6. Free Passguide microsoft Mcdba mcse 70-291 Exam
7. Free Preplogic 15 Min Study Guides(70-270,290,291 & 293), Good Before exams and Interview(70-620,622,623)
8. Free testinside microsoft ts 70-643 v1.21
9. Free VTC MSCE suite 70-284, 70-291, 70-294, 70-298, Vista
10. Free (offer) microsoft 70-284 Vce’s, As requested
11. Free Offer, Microsoft 70-290 shares
12. Free Passguide Microsoft 70-542(VB) 2.93