2. Correct answer: C
A. Incorrect. All WAN miniport devices are installed by default.
B. Incorrect. Removes one of the WAN miniports, but leaves L2TP and IKEv2
still available.
C. Correct. Disables remote access for these protocols.
D. Incorrect. This is an outgoing protocol, not an incoming one.
3. Correct answers: D, F
A. Incorrect. Because DirectAccess is enabled, you make VPN changes on the
Remote Access Management console.
B. Incorrect. Because DirectAccess is enabled, you make VPN changes on the
Remote Access Management console.
C. Incorrect. You don't make DHCP reservations; instead, make a DHCP exclusion.
D. Correct. You have to make a DHCP exclusion to ensure that the Remote Access
server doesn't give a remote client the same IP address as an internal one.
E. Incorrect. This would use DHCP, and the address assigned to the remote client
would not be controlled by the Remote Access server.
F. Correct. Enables the Remote Access server to control the assignment of IP
addresses for remote VPN clients.
Objective 3.4: thought experiment
1. Three choices are available: physical smart cards, virtual smart cards, and OTPs.
2. Physical smart cards are expensive and complicated to deploy, but can be easily
integrated into the VPN strategy. You have to ensure that all users have a smart card
reader, and provide a solution to reset the smart cards, and so on.
3. Virtual smart cards require only a TPM, and it is already company policy to require a
TPM and BitLocker on all company mobile devices because they routinely work with
sensitive data. With a TPM already assured, using virtual smart cards is a compelling
solution. It does not, however, solve the issue of remote users who are on non-TPM
desktop computers, and those users need to be addressed. However, the new corporate
desktop specification includes at least two desktop options that have a TPM, so
rolling that out to remote users should be a priority.
4. OTPs are simple and easy to use, require only a smartphone app for users to generate
their password, and need no extra hardware for desktop users. However, they require
deploying RADIUS servers, and do nothing to address desktop remote users who do
not have a TPM and BitLocker, so you'd likely want to consider upgrading them even
though you didn't plan to use virtual smart cards.