Microsoft ISA Server 2006 - 70-351
This is a quiz made for those who want to achieve the Microsoft ISA Server 2006 MCP in Microsoft.
- 1.
Your network contains a single ISA Server 2006 computer named ISA1. ISA1 is not yet configured to allowinbound VPN access.You deploy a new application named App1. The server component of App1 is installed on an internal servernamed Server1. The client component of App1 is installed on employee and partner computers. Employees andpartners will establish VPN connections when they use App1 from outside the corporate network.You identify the following requirements regarding VPN connections to the corporate network.Employees must be allowed access to only Server1, three file servers, and an internal Web server named Web1.Employees must have installed all current software updates and antivirus software before connecting to anyinternal resources.Partners must be allowed access to only Server1.You must not install any software other than the App1 client on any partner computers.You need to plan the VPN configuration for the company.What should you do?
- A.
Configure ISA1 to accept incoming VPN connections from partners and employees. Enable Quarantine Control on ISA1. Configure Quarantine Control to disconnect users after a short period of time. Use access rules to allow access to only the permitted resources.
- B.
Configure ISA1 to accept incoming VPN connections from partners and employees. Enable Quarantine Control on ISA1. Exempt partners from Quarantine Control. Use access rules to allow access to only the permitted resources.
- C.
Configure ISA1 to accept incoming VPN connections from partners and employees. Enable Quarantine Control on ISA1. Enable RADIUS authentication and user namespace mapping. Configure a Windows Server 2003 Routing and Remote Access server as a RADIUS server. Create a single remote access policy.
- D.
Add a second ISA Server 2006 computer named ISA2. Configure ISA1 to accept VPN connections from employees. Do not enable Quarantine Control on ISA1. Configure ISA2 to accept VPN connections from partners. Enable Quarantine Control on ISA2. On each server, use access rules to allow access to only the permitted resources.
Correct Answer
B. Configure ISA1 to accept incoming VPN connections from partners and employees. Enable Quarantine Control on ISA1. Exempt partners from Quarantine Control. Use access rules to allow access to only the permitted resources.Explanation
The correct answer is to configure ISA1 to accept incoming VPN connections from partners and employees, enable Quarantine Control on ISA1, exempt partners from Quarantine Control, and use access rules to allow access to only the permitted resources. This configuration ensures that both employees and partners can establish VPN connections to the corporate network through ISA1. Quarantine Control is enabled to ensure that employees have installed all necessary software updates and antivirus software before accessing internal resources. Partners are exempted from Quarantine Control to meet the requirement of not installing any additional software on partner computers. Access rules are used to restrict access to only the specified resources.Rate this question:
-
- 2.
Your network consists of a single Active Directory domain. The network contains an ISA Server 2006 computernamed ISA1. Client computers on the network consist of Windows XP Professional computers, UNIXworkstations, and Macintosh portable computers. All client computers are domain members.You configure ISA1 by using the Edge Firewall network template. You manually configure ISA1 with access rulesto allow HTTP and HTTPS access to the Internet. You configure ISA1 to require all users to authenticate.You need to provide Internet access for all client computers on the network while preventing unauthorizednon-company users from accessing the Internet through ISA1. You also want to reduce the amount ofadministrative effort needed when you configure the client computers.What Should You do?
- A.
Configure all client computers as Web Proxy clients. Configure Basic authentication on the Internal network.
- B.
Configure all client computers as Web Proxy clients. Configure Basic authentication on the Local Host network.
- C.
Configure all client computers as SecureNAT clients. Configure Basic authentication on the Internal network.
- D.
Configure the Windows-based computers as Firewall clients. Configure the non-Windows-based computers as Web Proxy clients. Configure Basic authentication on the Local Host network.
Correct Answer
A. Configure all client computers as Web Proxy clients. Configure Basic authentication on the Internal network.Explanation
To provide Internet access for all client computers while preventing unauthorized non-company users from accessing the Internet through ISA1, the best option is to configure all client computers as Web Proxy clients. This allows ISA1 to act as a proxy server, controlling and filtering the internet traffic. By configuring Basic authentication on the Internal network, all users will be required to authenticate themselves before accessing the internet, ensuring that only authorized users can use the internet through ISA1. This configuration also helps reduce administrative effort as it provides a centralized control over internet access for all client computers on the network.Rate this question:
-
- 3.
Your network consists of a single Active Directory domain named contoso.com. The network contains an ISAServer 2000 computer named ISA1.All client computers have the ISA Server 2000 Firewall Client software installed. Client computers are configuredto use an internal DNS server. Two Windows Server 2003 computers named App1 and App2 run a Web-basedapplication that is used to process company data.You configure ISA1 with protocol rules to allow HTTP, HTTPS, RDP, POP3, and SMTP access.The list of domain names available on the Internal network on ISA1 contains the following entries.*.south.contoso.com*.north.contoso.com*.east.contoso.com*.west.contoso.comYou perform an in-place upgrade of ISA1 by using the ISA Server 2006 Migration Tool. When you use NetworkMonitor on ISA1, you discover that client requests for App1 and App2 are being passed through ISA1.You need to provide a solution that will allow clients to directly access company data on App1 and App2.What should you do?
- A.
Create and configure HTTP, HTTPS, RDP, POP3, and SMTP access rules on ISA1.
- B.
Configure an Application.ini file on the client computers.
- C.
Redeploy the ISA Server 2006 Firewall Client software by distributing it to the client computers by using Group Policy.
- D.
Add app1.contoso.com and app2.contoso.com to the list of domain names available on the Internal network on ISA1.
Correct Answer
D. Add app1.contoso.com and app2.contoso.com to the list of domain names available on the Internal network on ISA1.Explanation
Adding app1.contoso.com and app2.contoso.com to the list of domain names available on the Internal network on ISA1 will allow clients to directly access company data on App1 and App2. By adding these domain names to the list, ISA1 will recognize the requests for App1 and App2 as internal traffic and bypass the ISA Server 2006 Firewall Client software, allowing direct access to the applications. This solution eliminates the need for additional configuration or software deployment on the client computers.Rate this question:
-
- 4.
Your network contains a single ISA Server 2006 computer, which is named ISA1. ISA1 provides access to theInternet for computers on the Internal network, which consists of a single subnet.The companys written security policy states that the ISA Server logs must record the user name for all outboundInternet access. All client computers are configured with the Firewall client and the Web Proxy client and are notconfigured with a default gateway.Users in the marketing department require access to an external POP3 and SMTP mail server so that they can usean alternate e-mail address when they sign up for subscriptions on competitors Web sites. You create and apply anISA Server access rule as shown in the following display.The marketing department users configure Microsoft Outlook to connect to the external mail server. They reportthat they receive error messages when they attempt to read or send e-mail from the external mail server. Youexamine the ISA1 logs and discover that ISA1 denies POP3 and SMTP connections from the client computers.You need to ensure that the marketing department users can connect to the external mail server.What should you do?
- A.
Configure the marketing computers with the IP address of a DNS server that can resolve external names to IP addresses.
- B.
Configure the marketing computers with a default gateway address that corresponds to the IP address of ISA1 on the Internal network.
- C.
On ISA1, enable Outlook in the Firewall client settings
- D.
On ISA1, create a computer set that contains the marketing computers.
Correct Answer
C. On ISA1, enable Outlook in the Firewall client settingsExplanation
Enabling Outlook in the Firewall client settings on ISA1 will allow the marketing department users to connect to the external mail server. By enabling Outlook in the Firewall client settings, ISA1 will allow the necessary POP3 and SMTP connections from the client computers, resolving the issue of the error messages when attempting to read or send email. This will ensure that the marketing department users can successfully connect to the external mail server.Rate this question:
-
- 5.
Your network contains a single ISA Server 2006 computer named ISA1. All Internet access for the localnetwork occurs through ISA1.The network contains a Web server named Server1. Server1 is configured as a SecureNAT client. A Webapplication runs on Server1 that communicates with an external Web site named www.contoso.com.You configure ISA1 with two access rules for outbound HTTP access. The rules are named HTTP Access 1 andHTTP Access 2.HTTP Access 1 is configured to use the All Authenticated Users user set as a condition. HTTP Access 2 isconfigured to use the All Users user set as a condition, and it restricts outbound HTTP traffic to the IP address of Server1.You verify that users can access external Web sites. However, you discover that the Web application cannot accesswww.contoso.com.You need to allow the Web application to use anonymous credentials when it communicates withwww.contoso.com. You also need to require authentication on ISA1 for all users when they access all externalWeb sites.What should you do?
- A.
On Server1, configure Web Proxy clients to bypass the proxy server for the IP address of the server that hosts www.contoso.com.
- B.
On ISA1, add the fully qualified domain name (FQDN) www.contoso.com to the list of domain names available on the Internal network.
- C.
On ISA1, disable the Web Proxy filter for the HTTP protocol.
- D.
Modify the order of the access rules so that HTTP Access 2 is processed before HTTP Access 1.
Correct Answer
D. Modify the order of the access rules so that HTTP Access 2 is processed before HTTP Access 1. -
- 6.
The network contains an ISA Server 2006 computer named ISA1.ISA1 connects to the Internet. ISA1 is configured with access rules for Internet access. A Windows Server 2003computer named CERT1 is configured as an internal certification authority (CA). ISA1 can download thecertificate revocation list (CRL) from CERT1.You are deploying 10 new ISA Server 2006 computers on the network. On ISA1 you export the firewall policysettings into a file named ISA1export.xml. You configure the network configuration settings on each new ISAServer computer. You import the firewall policy settings from the ISA1export.xml file on each new ISA Servercomputer.You test the imported configuration on each of the new ISA Server computers. You discover that each new ISAServer computer cannot download the CRL from CERT1.You need to ensure that the new ISA Server computers can download the CRL.What should you do?
- A.
Edit the ISA1export.xml file by adding the following lines: StorageType=Allow HTTP from ISA Server to all networks (for CRL downloads) String=0 Enabled=1 Import the ISA1export.xml file on each new ISA Server computer
- B.
Export the system policy rules on ISA1 by using the Export System Policy task. Import the system policy rules on each new ISA Server computer.
- C.
Export the array configuration settings on ISA1 to an .xml file. Import the .xml file on the new ISA Server computers.
- D.
Create a destination set for the new ISA Server 2006 computers. Add this destination set to the destination list on the Allow all HTTP traffic from ISA Server to all networks (for CRL downloads) system policy rule.
Correct Answer
B. Export the system policy rules on ISA1 by using the Export System Policy task. Import the system policy rules on each new ISA Server computer.Explanation
Exporting and importing the system policy rules on each new ISA Server computer will ensure that the new computers have the necessary settings to download the certificate revocation list (CRL) from CERT1. The system policy rules include the necessary configurations for allowing HTTP traffic from the ISA Server to all networks for CRL downloads. By exporting and importing these rules, the new ISA Server computers will have the same settings as ISA1 and will be able to download the CRL successfully.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 19, 2023Quiz Edited by
ProProfs Editorial Team -
Feb 18, 2011Quiz Created by
Arashmcse
- Binary Code Quizzes
- Computer Concept Quizzes
- Computer Essential Quizzes
- Computer Forensics Quizzes
- Computer Hardware Quizzes
- Computer Networking Quizzes
- Computer Parts Quizzes
- Computer Programming Quizzes
- Computer Science Quizzes
- Computer Shortcut Key Quizzes
- Computer Skills Quizzes
- Computer Virus Quizzes
- Cyber Security Quizzes
- Data Quizzes
- Data Security Quizzes
- Hacking Quizzes
- HCI Quizzes
- IT SecurITy Quizzes
- Malware Quizzes
- Microprocessor Quizzes
- Network Quizzes
- Operating System Quizzes
- Phishing Quizzes
- Programming Language Quizzes
Back to top