70-350 Implementing Microsoft Internet Security and Acceleration (ISA) Server 2004 Mock Test Exam

Demo Question 21.

You work as the network administrator at EliteCertify.com. The EliteCertify.com network consists of a single Active Directory domain named EliteCertify.com. EliteCertify.com contains a Research department that is responsible for conducting research in the software field. The Research department contains an ISA Server 2004 computer named EliteCertify -SR14. EliteCertify -SR14 is configured with an external network adapter that is connected to the Internet and an internal network adapter that is connected to the Internal network which has a address range is of 10.0.0.0 through 10.0.0.255. You then define the VPN assignment as a static pool that extends from 10.0.1.0 through 10.0.1.255 and enable VPN client access. You then test the VPN configuration and establish a VPN connection to EliteCertify -SR14 from an external Windows XP Professional client computer. While you were on a VPN session with EliteCertify -SR14, you find out that the client computer cannot browse external Web sites. When sitting with this problem, you made sure that the internal client computers can browse external Web sites, which was positive. What should you do to ensure that VPN clients can browse external Web sites while connected to EliteCertify -SR14 and to ensure that all requests for external Web sites from VPN clients are processed through EliteCertify -SR14?

A. You need to clear the check box to use the default gateway on the remote network on the VPN clients, in the VPN connection object in the Network Connections folder.
B. You need to configure the dial-up and virtual network settings for the VPN connection object to use the proxy server settings for EliteCertify -SR14 on the VPN clients, in the Internet Explorer.
C. You need to reconfigure the VPN address assignments to use DHCP on EliteCertify -SR14 and ensure that the address assignments are within the range defined for the Internal network.
D. You need to create an access rule that allows outbound HTTP and HTTPS access from the VPN client network for the All Authenticated Users user set on EliteCertify -SR14.


Display Answer

Answer: D

Explanation: In this case the VPN Clients network does not have access to the internet because there is no access rule that allow that traffic. Therefore you need to create an access rule that allows outbound HTTP and HTTPS access from the VPN client network for the All Authenticated Users user set to the external network. ISA Server assigns computers to networks and then uses network rules, network access rules, and publishing rules to restrict the movement of network traffic between networks. These concepts are also used by ISA Server to manage VPN connections. ISA Server uses the following networks for VPN connections: 1. VPN Clients network. This network contains the IP addresses of all of the VPN clients that have connected using VPN client access. 2. Quarantined VPN Clients network. This network contains the IP addresses of all of the VPN clients that have connected using VPN client access but have not yet cleared quarantine. 3. Remote-site network. This network contains the IP addresses of all of the computers in a remote site when a site-to-site VPN connection is configured. Additional remote-site networks are created for each remote-site connection.