Information Technology Reference
In-Depth Information
Objective 3.3: thought experiment
1.
Unfortunately, the VPN protocol with the widest range of support is the one you prob-
ably don't want to use: PPTP. There are a number of security vulnerabilities related to
PPTP, so it is no longer recommended. Many older clients using PPTP supported only
MS-CHAP, which is now gone from the PPTP list of authentication providers. L2TP is
also reasonably well supported by a wide range of clients.
2.
Beginning with Windows Vista, Windows clients all support SSTP, which has the dis-
tinct advantage of being able to work behind virtually any firewall. However, it is not
well supported natively by other operating systems, although there are third-party
products that provide support.
3.
Beginning with Windows 7, Windows clients support IKEv2, also known as VPN
Reconnect. IKEv2 supports user or machine authentication and has the capability to
seamlessly reconnect the VPN when the network adapter changes.
4.
Both smart cards and OTPs can be used with VPN and DirectAccess. With smart cards,
Windows 8 and later mobile users who have a TPM chip on their computer can use
virtual smart cards to simplify the user experience.
Regardless of whether you choose smart cards or OTPs, you have to implement a
Public Key Infrastructure (PKI) to support computer certificates. If you choose OTP, you
also have to implement RADIUS.
5.
Objective 3.3: review
Correct answer:
C
1.
Incorrect
. This is a client-only cmdlet from the DISM module.
A.
Incorrect
. Installs the Remote Access role, but not the VPN or Routing role features.
B.
Correct
. Installs the Remote Access role and the DirectAccess-VPN and Routing
role features. The DirectAccess-VPN role feature meets the VPN requirement
in the question, and the Routing role feature meets the NAT requirement. The
-IncludeManagementTools parameter ensures that all management tools are also
installed.
C.
Incorrect
. Not an available Windows role. The RRAS role has been replaced by the
Remote Access role, and VPNs have been combined with DirectAccess in a unified
remote access role.
D.
