70-291 Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Training Boot Camp

Demo Question 7.

Exhibit, Network Topology You work as the network administrator at EliteCertify.com. The EliteCertify.com network consists of a single Active Directory domain named EliteCertify.com. All servers on the EliteCertify.com network run Windows Server 2003 and all client computers run Windows XP Professional. EliteCertify.com has its headquarters in Miami and a branch office in Chicago. Headquarters has a server named EliteCertify -SR21 and the branch office has a server named EliteCertify -SR22. Both EliteCertify -SR21 and EliteCertify -SR22 have dedicated external connections to the internet. The relevant portion of the network is illustrated in the exhibit. You have received instruction from the CIO to configure a private network that allows for Internet-based communication between headquarters and the branch office whilst ensuring this communication is secured by using IPSec encryption. Which of the following actions should achieve this configuration? Each correct answer presents part of the solution. Select two.

A. A VPN connection must be configured between EliteCertify -SR21 and EliteCertify -SR22 that uses the L2TP tunneling protocol.
B. A VPN connection must be configured between EliteCertify -SR21 and EliteCertify -SR22 that uses the PPTP tunneling protocol.
C. A certification authority (C must be installed and configured in the Active Directory domain.
D. A third-party S/MIME certificate must be installed on EliteCertify -SR21 and EliteCertify -SR22.
E. Configure a remote access policy to require the use of the EAP-TLS authentication protocol for each perimeter network server.


Display Answer

Answer: A, C

Explanation: A virtual private network (VPN) is a private network that uses links across private or public networks (such as the Internet). When data is sent over the remote link, it is encapsulated, encrypted, and requires authentication services. And Layer 2 Tunneling Protocol (L2TP) is a generic tunneling protocol that allows encapsulation of one network protocol's data within another protocol. It is used in conjunction with IPSec to enable virtual private network (VPN) access to Windows 2003 networks. If you want the Internet-based communication between headquarters servers and client computers and between the branch office servers and client computers to be secure and make use of IPSec encryption, then it would be logical to make use of a VPN that uses L2TP tunneling between headquarters and the branch office. In addition, to secure the communication, you should also make use of a certification authority in the Active Directory domain. Incorrect answers: B. PPTP tunneling, though also a tunneling protocol is not as suited to the situation as L2TP is to the situation at hand. D. This answer suggests the wrong type of certificate. Thus this option should not be considered. E. EAP-Transport Level Security (TLS) allows you to use public-key certificates as an authenticator. TLS is very similar to the familiar Secure Sockets Layer (SSL) protocol used for web browsers. When EAP-TLS is turned on, the client and server send TLS-encrypted messages back and forth. EAP-TLS is the strongest authentication method you can use; as a bonus, it supports smart cards. However, EAP-TLS requires your RRAS server to be part of a Windows 2000 or Server 2003 domain. This is not what is required under the given circumstances. Reference: James Chellis, Paul Robichaux & Matthew Sheltz, MCSA/MCSE. Windows Server 2003 Network Infrastructure Implementation, Management, and Maintenance Study Guide, Sybex Inc., Alameda, 2003, pp. 344-346, 479