70-293 Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Practice Exams

Demo Question 2.

You work as the systems engineer at EliteCertify.com. The EliteCertify.com network consists of a single Active Directory domain named EliteCertify.com. All servers on the EliteCertify.com network run Windows Server 2003 and all client computers run Windows XP Professional. EliteCertify.com's administrative staff makes use of portable computers. The exhibit shows the relevant portion of the network. The private Web server on the EliteCertify.com network uses non-standard ports for connections. The external firewall on the network is configured to allow inbound connections on the non-standard ports. EliteCertify.com's business administration policy stipulates that administrative tasks must be performed remotely. To comply with this policy, you enable Remote Desktop connections on all servers hosted on the company intranet. You install Windows Server 2003 Administrative Tools and Remote Desktops snap-ins on each client computer that is used for administrative purposes. You receive a request from administrators, stating that they want to use Remote Desktop connections to manage servers remotely, when they are at home. EliteCertify.com's written security policy does not allow connections originating from the Internet into the company intranet. The Web servers are the only servers accessible from the Internet. No other connections to the perimeter network from the Internet are allowed as per the EliteCertify.com's security policy. You must implement a solution that will allow Remote Desktop connections to the company intranet. Your solution must comply with EliteCertify.com's written security policy. What should you do to achieve your goal in these circumstances?

A. Deploy the Remote Administration Web site on the private Web server of the network. Configure the external firewall to allow incoming connections on the IIS Remote Administration port. Configure the internal firewall to allow incoming connections on the Remote Desktop Protocol (RDP) port.
B. Deploy the Remote Administration Web site on the private Web server of the network. Configure the external firewall to allow incoming connections on the Remote Desktop Protocol (RDP) port. Configure the internal firewall to allow incoming connections on the IIS Remote Administration port.
C. Deploy the Remote Desktop Web Connection Web site on the private Web server of the network. Configure the internal firewall to allow incoming connections on the Remote Desktop Protocol (RDP) port.
D. Deploy the Remote Desktop Web connection Web site on the private Web server of the network. Configure the internal firewall to allow incoming connections on the IIS Remote Administration port.


Display Answer

Answer: C

Explanation: The Remote Desktop Web Connection is a high-encryption, Remote Desktop Protocol (RDP) 5.0 client and uses RSA Security's RC4 cipher with a key strength of 40-, 56-, or 128-bit, as determined by the computer to which it is connecting. The Remote Desktop Web Connection uses the well-known RDP TCP port (3389) to communicate to the host. Unlike some other display protocols, which send data over the network using clear text or with an easily decodable "scrambling" algorithm. Remote Desktop Web Connection's built-in encryption makes it safe to use over any network-including the Internet-as the protocol cannot be easily sniffed to discover passwords and other sensitive data. This will provide the necessary security. With this solution, we can access the private web server from the internet over a non-standard port by configuring RDP to listen on the non-standard port. Then we can open a remote desktop connection from the private web server to the intranet servers. That would be without contravening the company written security policy that states that connections originating from the Internet are not allowed into the company intranet and it also will not allow any other connections to the perimeter network from the Internet. Incorrect answers: A. Configuring the external firewall to allow inbound connections on the IIS Remote Administration port would be wrong in this case. It should be omitted. B. The internal and not the external firewall should be configured to allow inbound connections on the RDP port. D. It is not the IIS Remote Administration port that should be considered here but rather the RDP port that should be considered regarding the firewall configuration to allow inbound connections. References: MS Knowledge Base article 306759: How to Change the Listening Port for Remote Desktop MS Knowledge Base article 308127: How to Manually Open Ports in Internet Connection Firewall in Windows XP MS Knowledge Base article 304034: Configuring the Remote Desktop Client to Connect to a Specific Port Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder & Dr. Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, Chapter 7, p. 530 http://msdn.microsoft.com/library/default.asp?url=/library/ens/termserv/termserv/providing_for_rdp_client_sec u http://www.microsoft.com/windowsxp/pro/downloads/rdwebconn.asp