CNA 221 | Ch. 6, Implementing Remote Access


Multisite DirectAccess

A DirectAccess configuration with two or more DirectAccess servers, each providing a secure entry point into a network.

Network Location Server (NLS)

A basic web server used by DirectAccess client computers to determine whether they're on the intranet or a remote network.

Perimeter network

A boundary between the private network and the public Internet, where most resources available to the Internet are located.

VPN reconnect

A feature that automatically re-establishes a VPN connection that is temporarily lost with no intervention from the user.

Remote dial-in

A less common but still used technology that uses the phone system and modems to connect remotely.

Routing table

A list of network destinations along with information on which interface can be used to reach the destination.

Static routes

A manually configured route in the routing table that instructs the router where to send packets destined for particular networks.

Tunnel

A method of transferring data across an unsecured network in such a way that the actual data in the transmission is hidden from all but the sender and the receiver.

Virtual Private Network (VPN)

A network connection that uses the internet to give mobile users or branch offices secure access to a company's network resources on a private network.

Demand-dial interface

A network connection used to establish a VPN connection when network traffic from the internal network has a destination address of the other network to which you are connecting.

Force tunneling

A remote access method in which all traffic from the client, including traffic destined for the Internet, goes over the DirectAccess tunnel.

Split tunneling

A remote access method in which only requests for resources on the intranet are sent over the DirectAccess tunnel.

DirectAccess

A role service under the Remote Access server role that provides many of the same features as a VPN but adds client management and always-connected capability.

Open Shortest Path First (OSPF)

A routing protocol that determines the best path by using the speed (or cost) of each link in the path from source network to destination network.

Remote Access

A server role that provides services to keep a mobile workforce and branch offices securely connected to resources at the main office.

Infrastructure tunnel

A tunnel created between the client computer and the DirectAccess server used for control of the DirectAccess connection.

Internet Protocol-Hypertext Transfer Protocol Secure (IP-HTTPS)

A tunneling protocol used to transport IPv6 packets over an HTTPS connection.

224.0.0.0

Address used for multicast packets.

VPN connection profiles

Allows you to create VPN connections that can be distributed to users' computers so that VPN clients do not have to be configured on each client station.

Border Gateway Protocol (BGP)

An advanced dynamic routing protocol used to route between remote networks, including site-to-site VPNs, and between physical and virtual networks.

Port Address Translation (PAT)

An extension of NAT that allows several hundred workstations to access the Internet with a single public Internet address.

zero (0)

Changing the number of ports to _ effectively disables the tunnel type.

Point-to-Point Tunneling Protocol (PPTP)

Commonly used VPN protocol that encapsulates Point-to-Point Protocol (PPP), using a modified version of Generic Routing Encapsulation (GRE).

Automatic

Default tunnel type when you create a VPN connection.

Layer 2 Tunneling Protocol with Internet Protocol Security (L2TP/IPsec)

Developed in cooperation with Cisco Systems and Microsoft, ___________ generally provides a higher level of security than PPTP. Doesn't use MPPE, but instead uses the encryption technology built into IPsec.

IPsec

DirectAccess uses _____ for secure packet transport and computer authentication.

Always on

Feature that makes a VPN client connect automatically when a user signs in, when a change in network status is detected, or when the device's screen is turned on.

Microsoft Point-to-Point Encryption (MPPE)

Frames in PPTP are encrypted with ____ by using encryption keys from the authentication process.

PKI (Public Key Infrastructure)

If you want to use multiple DirectAccess servers, a ___ is required because Kerberos proxy doesn't work with multiple DirectAccess servers.

Users

In what folder can you find the RAS and IAS server group?

Hop count

Metric used for determining the best path to a network by counting the number of routers a packet must go through to reach the destination network.

Name resolution policy table (NRPT)

Policy that ensures that DNS requests for intranet resources are directed to internal DNS servers, not Internet DNS servers.

Get-DAConnectionStatus

PowerShell cmdlet used to test DirectAccess configuration with a client computer.

Network Address Translation (NAT)

Process by which a router or other type of gateway device replaces the source or destination IP addresses in a packet before forwarding the packet.

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

Protocol that allows computers on a network to access DirectAccess clients that are connected via the Internet.

B. Configure dial-in settings in user accounts C. Configure a network policy in the Network Policy Server console

Remote access is denied to users by default. Which of the following must you do to allow users to connect via remote access? (Choose all that apply.) A. Configure settings in the Routing and Remote Access console B. Configure dial-in settings in user accounts C. Configure a network policy in the Network Policy Server console D. Set up a VPN

A. Control access through NPS Network Policy

The Network Access Permission attribute for a user account is set to which of the following by default? A. Control access through NPS Network Policy B. Allow access C. Deny access D. Control access through Group Policy

Default route

The network where the router sends all packets that don't match any other destinations in the routing table.

Intranet tunnel

The tunnel created when a user signs in to the DirectAccess client; it provides access to resources on the network.

Web Application Proxy

This role service allows publishing web-based applications for use by clients outside the network.

DirectAccess and VPN (RAS)

This role service has the features needed for dial-in VPN and DirectAccess remote access.

Routing

This role service provides routing and NAT.

False. BGP is used primarily by large enterprises and cloud providers.

True or False? BGP is most often used in virtual environments where BGP is deployed on a virtual machine acting as a gateway for small businesses.

True

True or False? ISATAP doesn't work reliably with multisite DirectAccess because computers on the network don't know which DirectAccess server a particular client is connected to.

True

True or False? If no default route is configured, a router will discard packets that don't match a destination in the routing table.

LockDown VPN

VPN feature that allows only VPN traffic on the device and attempts to maintain the VPN connection at all times.

Name-based

VPN feature where the VPN client will connect automatically when a particular domain name is accessed.

App trigger

VPN feature where the VPN client will connect automatically when the specified applications are started.

Secure Socket Tunneling Protocol (SSTP)

VPN tunnel that provides a mechanism to transport PPP or L2TP traffic through an SSL 3.0 channel. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking.

Metric

Value assigned to a route. A route with a lower value will take precedence when two or more routes are going to the same destination.

C. RIPv2

What do you configure in Routing and Remote Access that specifies the server should send its routing table to its neighbors? A. Static routing B. L2TP C. RIPv2 D. Default route

1,024 - 65,535

What is the configurable value for source port when using PAT?

D. Hop count

What is the metric used by the dynamic routing protocol you configure in Routing and Remote Access? A. Least cost B. Bandwidth C. Ping time D. Hop count

B. Network Policy

What should you configure if you want only users who are members of particular groups to be able to connect to the VPN? A. Connection Request Policy B. Network Policy C. Remote Authentication Rule D. Network Access Rule

B. NAT

What should you configure in Routing and Remote Access if you want computers using a private IP address to access the public Internet? A. Demand-dial interface B. NAT C. Dynamic routing D. Web Application Proxy

A. Windows Server Gateway

What specific type of Windows Server 2016 configuration allows a cloud service provider to use a virtual machine configured as a gateway to route multiple tenants using the same physical network? A. Windows Server Gateway B. RADIUS Server C. Cloud Services Gateway D. Hybrid Gateway

C. IP-HTTPS

Which DirectAccess IPv6 transition technology uses Secure Sockets Layer over port 443? A. 6to4 B. Teredo C. IP-HTTPS D. ISATAP

A. NLS

Which DirectAccess component allows clients to determine whether they're on the company network or a remote network? A. NLS B. PKI C. Kerberos proxy D. ISATAP

B. SSTP

Which VPN tunnel type requires the firewall to allow TCP port 443? A. PPTP B. SSTP C. L2TP/IPsec D. PPP

D. L2TP/IPsec

Which VPN tunnel type uses an Internet Key Exchange? A. PPP B. PPTP C. SSTP D. L2TP/IPsec

C. EAP

Which authentication method should you choose if users authenticate with smart cards? A. MS-CHAPv2 B. PAP C. EAP D. RADIUS

A. Better security B. Support for multisite configurations C. Two-factor authentication support

Which of the following are benefits of using a PKI instead of self-signed certificates when configuring DirectAccess? (Choose all that apply.) A. Better security B. Support for multisite configurations C. Two-factor authentication support D. Simpler DirectAccess client deployment

A. Network Address Translation B. Web Application Proxy

Which of the following are services provided by the Remote Access server role? (Choose all that apply.) A. Network Address Translation B. Web Application Proxy C. Windows Server Update Services D. Internet Information Services

B. Discards the packet

Which of the following does a router do if it receives a packet for a destination network that's not in its routing table and no default route is configured? A. Broadcasts the packet B. Discards the packet C. Returns the packet to the sender D. Sends a route query to the next router

B. TCP port 1723 D. IP protocol ID 47

Which of the following need to be configured on the firewall to allow PPTP VPN connections? (Choose all that apply.) A. UDP port 4500 B. TCP port 1723 C. IP protocol ID 50 D. IP protocol ID 47

D. BGP

Which of the following routing protocols would you choose when using dynamic routing with IPv6? A. RIPv2 B. IGRP C. IS-IS D. BGP

C. Force tunneling

Which of the following should you configure if you want DirectAccess clients to access the Internet through the company network? A. Split tunneling B. NLS C. Force tunneling D. Intranet tunnel

C. VPN access and NAT

Which remote access configuration option should you choose if you want mobile users to be able to make a secure connection to the main network and allow computers on the private network to access the Internet with a public IP address? A. Remote access (dial-up or VPN) B. NAT C. VPN access and NAT D. Secure connection between two private networks

A. DirectAccess and VPN

Which role service should you install if you want client computers to be able to authenticate an IPsec connection with Kerberos proxy? A. DirectAccess and VPN B. Web Application Proxy C. Routing D. Remote dial-in

C. L2TP/IPsec

Which tunnel type needs to authenticate client and server computers with a preshared key or a digital certificate? A. PPTP B. SSTP C. L2TP/IPsec D. PPP

