VTC Designing Active Directory For Windows Server 2003 (70-297)

Tuesday, April 22, 2008, 10:07

Study Guide
489 views
Add a comment

VTC Designing Active Directory For Windows Server 2003 (70-297) Duration: 7 hrs / 82 lessons

Microsoft network infrastructures can grow to become very large and complex. To master the design of network infrastructures, you will need the ability to understand and engineer complex customer needs and requirements. This course will carry you though the process of understanding and designing a Microsoft Server 2003 Active Directory and Network infrastructure. VTC Author Brad Causey gives a detailed guide of Active DIrectory, from concepts through practical applications, to help you prepare for the 70-297 certification exam. To begin learning simply click on the links.

QUESTION 1
You work as the network administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. Half the
servers on the Certkiller .com network run Windows Server 2003 and the rest run
Windows 2000 Server or Windows NT 4.0. Half the client computers run Windows
XP Professional, and the rest Windows 2000 Professional or Windows NT 4.0
Workstation.
Certkiller .com has its headquarters in Chicago and branch offices in Dallas,
Houston, and Miami. All servers located at the Chicago headquarters premises run
Windows Server 2003 and all client computers run Windows XP Professional. T3
lines currently connect each branch office to the Chicago headquarters office. Users
at the three branch offices send data over the T3 line to the Chicago headquarters
office.
An attacker has managed to intercept and tamper with data as it traversed over the
WAN link connecting the Dallas office and Chicago headquarters office. You are
instructed to:
1. Secure all data communications traversing over WAN links between the Chicago
headquarters office and all three branch offices.
2. Ensure that the security breach incident do not occur in the future.
3. Minimize any expenses incurred as a result of implementing your solution.
You upgrade all WAN routers that connect the T3 lines to routers at the Chicago
headquarters office to Windows Server 2003. You must still perform the
configuration that will secure data communications between the Chicago
headquarters office and the three branch offices. You want to use the least amount
of administrative effort to accomplish your task.
How should you configure the WAN routers?
A. Configure the routers to use IPSec in Transport Mode.
B. Configure the routers to use IPSec in Tunnel Mode.
C. Configure the routers to use IPSec Authentication Header (AH) in Transport Mode
D. Configure the routers to use IPSec Encapsulating Security Payload (ESP) in Transport
Mode.
Answer: B
Explanation: The question states that you have upgraded the WAN routers that
connect the T3 lines to
routers at the Chicago headquarters office to Windows Server 2003. This basically
allows you to configure the WAN routers to use IPSec in Tunnel Mode. IPSec tunnel
mode can be used to provide security for WAN and VPN connections that use the
Internet as the connection medium. In tunnel mode, IPSec encrypts the IP header

Actualtests.org – The Power of Knowing
and the IP payload. With tunneling, the data contained in a packet is encapsulated
inside an additional packet. The new packet is then sent over the network. Tunnel
mode is typically used for the following configurations: server to server, server to
gateway, and gateway to gateway. Tunnel mode only requires the WAN routers at
each end of the connection to support IPSec. No computers need to support IPSec.
This is especially relevant in your case because there are both Windows NT 4.0
servers and client computers at the branch offices. Windows NT 4.0 servers and
client computers do not support IPSec.
Incorrect answers:
A: Transport mode is used to provide end-to-end communication security between two
computers on the network, which means that your computers must support IPSec.
C: Transport mode is used to provide end-to-end communication security between two
computers on the network, which means that your computers must support IPSec.
D: Transport mode is used to provide end-to-end communication security between two
computers on the network, which means that your computers must support IPSec.
QUESTION 2
You work as the security administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. All
servers on the Certkiller .com network run Windows Server 2003 and all client
computers run Windows XP Professional.
An enterprise root certification authority (CA) exists on the Certkiller .com network.
A new Certkiller .com security policy dictates that:
1. All computers must be able to make use of IPSec for communication purposes
within the Certkiller .com internal network.
2. All computers have to make use of certificates for mutual authentication.
You need to ensure that these requirements are adhered to.
What should you do?
A. Acquire a computer certificate from a commercial Certification Authority (CA).
Place it into a shared folder on a files server.
Then instruct users to copy the certificate to the \Windows\System32 folder on their
client computers.
B. Acquire a computer certificate from an enterprise Certification Authority (CA).
Use the Software Settings policy in the Default Domain Policy GPO to distribute the
certificate to all client computers.
C. Configure an auto-enrollment policy for users in a new GPO.
Then link the GPO to the domain.
D. Configure an Automatic Certificate Request Settings policy for computers in the
Default Domain Policy GPO.
Answer: D
Explanation: For two computers to use IPSec to communicate with each other, each
of the computers should have a computer certificate and should trust the certificate

Donwload Free PassGuide Braindumps-The Most Realistic Practice Questions and Answers,Help You Pass any Exams

Actualtests.org – The Power of Knowing
of the other computer. To automatically deploy computer certificates on your
network, you can configure the appropriate Automatic Certificate Request Settings
for computers in the Default Domain Policy GPO. This policy will force each
computer on your network to automatically submit a certificate request to your
enterprise CA.
Incorrect Answers:
A: Certificates should be installed in appropriate certificate stores, either local or in
Active Directory. Simply copying a certificate file to the \Windows\System32 folder
would not install the certificate on the computer. Also, each computer should be issued a
unique certificate.
B: Software Settings policies are used for deploying applications with the Windows
Installer .msi packages.
C: By default, the Enroll certificates automatically option is enabled for both users
and computers in the Default Domain Policy GPO.
QUESTION 3
You work as the network administrator at Certkiller .com. The Certkiller .com
network consists of a single Active Directory domain named Certkiller .com. All
servers on the Certkiller .com network run Windows Server 2003 and all client
computers run Windows XP Professional.
Certkiller .com is currently worguide together with another company in a joint
venture. The partner company makes use of its own private root certification
authority (CA). There is currently an enterprise root certification authority (CA)
that exists on the Certkiller .com network.
A new Certkiller .com security policy dictates that:
1. All computers have the ability to use IPSec for communication purposes within
the Certkiller .com internal network.
2. All computers must make use of certificates for mutual authentication.
3. All computers should use IPSec to communicate with computers on the network
of a partner company.
You need to ensure that these requirements are adhered to.
What should you do?
A. You should acquire a computer certificate from a commercial CA.
Then import it into the Personal computer certificate store on all Certkiller .com
computers.
B. You should acquire a user certificate from a commercial CA.
Then import it into the Personal user certificate store on all Certkiller .com computers.
C. You have to automatically issue computer certificates from your enterprise CA to all
Certkiller .com computers using a GPO.
Then import the root CA certificate of the Certkiller .com partner company into the
Trusted Root Certification Authorities user certificate store.
D. You have to automatically issue user certificates from your enterprise CA to all
Certkiller .com users using a GPO
Then import the root CA certificate of the Certkiller .com partner company into the

Actualtests.org – The Power of Knowing
Trusted Root Certification Authorities user certificate store.
Answer: C
Explanation: For two computers to use IPSec to communicate with each other, each
of the computers should have a computer certificate and should trust the certificate
of the other computer. To automatically deploy computer certificates on your
network, you can configure the appropriate Automatic Certificate Request Settings
for computers in the Default Domain Policy GPO. This policy will force each
computer on your network to automatically submit a certificate request to your
enterprise CA.
All computers on your network automatically trust all certificates issued by your
enterprise CA, and, therefore, they all trust each other’s certificates. To ensure that
computers on Certkiller .com’s network also trust the certificates issued by the partner’s
enterprise CA, you can add the partner’s root CA certificate to the Trusted Root
Certification Authorities policy in the Default Domain Policy GPO. This policy will
force all computers on your network to import this certificate into their corresponding
certificate store.
Incorrect Answers:
A: If you acquired a computer certificate from a commercial CA and deployed it to
the Personal computer certificate store on each computer on your network, then all your
computers would appear to have the same identity. However, the actual computer names
would not match the subject name in the certificate. This would prevent your computers
from using IPSec to communicate with each other unless you also deploy a unique
computer certificate from your enterprise CA to each computer or configure IPSec to
allow Kerberos V5 or pr-shared key authentication instead of certificate authentication.
This option does not enable your computers to trust the partner’s computers’ certificates
issued by the partner’s private CA.
B: For IPSec communications, computers must have computer certificates, but users on
those computers are not necessarily required to have user certificates.
D: There is no user policy to automatically submit certificate requests on behalf of
users or to import a certificate into the Trusted Root Certification Authorities user
certificate store.

Free download:passguide Microsoft 70-297
Free download:passguide Microsoft 70-297

password:www.certbible.org

PassGuide Cisco Exams Questions & Training Materials

Share
Delicious Digg Design Float Mixx Reddit StumbleUpon Technorati

Tags: microsoft, vtc

About the Author

PassGuide Free Certification Exam Download has written 11070 stories on this site.

If you have any doubts about legality of content or you have another suspicions, feel free to contact us:CertGuard@Gmail.com

Write a Comment

Gravatars are small images that can show your personality. You can get your gravatar for free today!

VTC Designing Active Directory For Windows Server 2003 (70-297)

PassGuide Cisco Exams Questions & Training Materials

About the Author

Write a Comment

Subscribe

Categories

Blogroll

Meta

Archives

News Categories

Site Pages