Microsoft _CertifyMe_ 70-351 _ThiQuocTe

Number: 70-351 Passing Score: 800 Time Limit: 1200 min File Version: 2010-05-25 Microsoft - 70-351 Ver : 2010-05-25 Question : 95 .........One of the best ............. Thiquocte/cp,

Exam A QUESTION 1 1.Your network contains a single ISA Server 2006 computer named ISA1. ISA1 is not yet configured to allowinbound VPN access. You deploy a new application named App1. The server component of App1 is installed on an internal server named Server1. The client component of App1 is installed on employee and partner computers. Employees and partners will establish VPN connections when they use App1 from outside the corporate network. You identify the following requirements regarding VPN connections to the corporate network. Employees must be allowed access to only Server1, three file servers, and an internal Web server named Web1. Employees must have installed all current software updates and antivirus software before connecting to any internal resources. Partners must be allowed access to only Server1. You must not install any software other than the App1 client on any partner computers. You need to plan the VPN configuration for the company. What should you do? A. Configure ISA1 to accept incoming VPN connections from partners and employees. Enable Quarantine Control on ISA1. Configure Quarantine Control to disconnect users after a short period of time. Use access rules to allow access to only the permitted resources. B. Configure ISA1 to accept incoming VPN connections from partners and employees. Enable Quarantine Control on ISA1. Exempt partners from Quarantine Control. Use access rules to allow access to only the permitted resources. C. Configure ISA1 to accept incoming VPN connections from partners and employees. Enable Quarantine Control on ISA1. Enable RADIUS authentication and user namespace mapping. Configure a Windows Server 2003 Routing and Remote Access server as a RADIUS server. Create a single remote access policy. D. Add a second ISA Server 2006 computer named ISA2. Configure ISA1 to accept VPN connections from employees. Do not enable Quarantine Control on ISA1. Configure ISA2 to accept VPN connections from partners. Enable Quarantine Control on ISA2. On each server, use access rules to allow access to only the permitted resources. Answer: B Section: (none) Explanation/Reference:

QUESTION 2 2. Your network is configured as shown in the exhibit. (Click the Exhibit button.)

You are upgrading the Routing and Remote Access servers to ISA Server 2006. You need to configure the Internal network. Which three IP address ranges should you include? (Each correct answer presents part of the solution. Choose three.) A. B. C. D. E. 10.0.25.1 C 10.0.25.255 172.16.1.0 C 172.16.1.255 172.16.2.0 C 172.16.2.255 172.16.10.0 C 172.16.10.255 192.168.1.0 C 192.168.255.255

Answer: BCD Section: (none) Explanation/Reference:

QUESTION 3 3. Your network consists of a single Active Directory domain. The network contains an ISA Server 2006 computer named ISA1. Client computers on the network consist of Windows XP Professional computers, UNIX workstations, and Macintosh portable computers. All client computers are domain members. You configure ISA1 by using the Edge Firewall network template. You manually configure ISA1 with access rules to allow HTTP and HTTPS access to the Internet. You configure ISA1 to require all users to authenticate. You need to provide Internet access for all client computers on the network while preventing unauthorized noncompany users from accessing the Internet through ISA1. You also want to reduce the amount of administrative effort needed when you configure the client computers. A. Configure all client computers as Web Proxy clients. Configure Basic authentication on the Internal network.

B. Configure all client computers as Web Proxy clients. Configure Basic authentication on the Local Host network. C. Configure all client computers as SecureNAT clients. Configure Basic authentication on the Internal network. D. Configure the Windows-based computers as Firewall clients. Configure the non-Windows-based computers as Web Proxy clients. Configure Basic authentication on the Local Host network. Answer: A Section: (none) Explanation/Reference:

QUESTION 4 4. Your network consists of a single Active Directory domain named contoso.com. The network contains an ISA Server 2000 computer named ISA1. All client computers have the ISA Server 2000 Firewall Client software installed. Client computers are configured to use an internal DNS server. Two Windows Server 2003 computers named App1 and App2 run a Web-based application that is used to process company data. You configure ISA1 with protocol rules to allow HTTP, HTTPS, RDP, POP3, and SMTP access. The list of domain names available on the Internal network on ISA1 contains the following entries. *.south.contoso.com *.north.contoso.com *.east.contoso.com *.west.contoso.com You perform an in-place upgrade of ISA1 by using the ISA Server 2006 Migration Tool. When you use Network Monitor on ISA1, you discover that client requests for App1 and App2 are being passed through ISA1. You need to provide a solution that will allow clients to directly access company data on App1 and App2. What should you do? A. Create and configure HTTP, HTTPS, RDP, POP3, and SMTP access rules on ISA1. B. Configure an Application.ini file on the client computers. C. Redeploy the ISA Server 2006 Firewall Client software by distributing it to the client computers by using Group Policy. D. Add app1.contoso.com and app2.contoso.com to the list of domain names available on the Internal network on ISA1. Answer: D Section: (none) Explanation/Reference:

QUESTION 5 5. Your network contains a single ISA Server 2006 computer, which is named ISA1. ISA1 provides access to the Internet for computers on the Internal network, which consists of a single subnet. The companys written security policy states that the ISA Server logs must record the user name for all outbound

Internet access. All client computers are configured with the Firewall client and the Web Proxy client and are not configured with a default gateway. Users in the marketing department require access to an external POP3 and SMTP mail server so that they can use an alternate e-mail address when they sign up for subscriptions on competitors Web sites. You create and apply an ISA Server access rule as shown in the following display. The marketing department users configure Microsoft Outlook to connect to the external mail server. They report that they receive error messages when they attempt to read or send e-mail from the external mail server. You examine the ISA1 logs and discover that ISA1 denies POP3 and SMTP connections from the client computers. You need to ensure that the marketing department users can connect to the external mail server. What should you do?

A. Configure the marketing computers with the IP address of a DNS server that can resolve external names to IP addresses. B. Configure the marketing computers with a default gateway address that corresponds to the IP address of ISA1 on the Internal network. C. On ISA1, enable Outlook in the Firewall client settings. D. On ISA1, create a computer set that contains the marketing computers. Answer: C Section: (none) Explanation/Reference:

QUESTION 6 6. Your network contains a single ISA Server 2006 computer named ISA1. All Internet access for the local network occurs through ISA1. The network contains a Web server named Server1. Server1 is configured as a SecureNAT client. A Web application runs on Server1 that communicates with an external Web site named www.contoso.com. You configure ISA1 with two access rules for outbound HTTP access. The rules are named HTTP Access 1 and HTTP Access 2. HTTP Access 1 is configured to use the All Authenticated Users user set as a condition. HTTP Access 2 is configured to use the All Users user set as a condition, and it restricts outbound HTTP traffic to the IP address of Server1. You verify that users can access external Web sites. However, you discover that the Web application cannot access www.contoso.com. You need to allow the Web application to use anonymous credentials when it communicates with www.contoso. com. You also need to require authentication on ISA1 for all users when they access all external Web sites. What should you do?

B.0.com. Web Proxy clients can access Web sites on the Internet. .com to the list of domain names available on the Internal network. You need to ensure that SecureNAT clients can perform DNS name resolution correctly for hosts on the Internet. Answer: D Section: (none) Explanation/Reference: QUESTION 7 7.) A network address translation (NAT) relationship exists from the Internal network to the perimeter network. add the fully qualified domain name (FQDN) www. On Server1. they receive the following error message: Cannot find server or DNS error. However. First. The network is configured as shown in the exhibit. you are able to query name server (NS) resource records on the Internet. (Click the Exhibit button. configure Web Proxy clients to bypass the proxy server for the IP address of the server that hosts www. when SecureNAT clients try to access hosts on the Internet. D. You also need to ensure that DNS name resolution is optimized for Active Directory. A Windows Server 2003 computer named DNS1 functions as a DNS server. From the Nslookup console.A. which controls access between three segments on the network. Your network contains an ISA Server 2006 computer named ISA1.contoso. On ISA1. you run the nslookup command and set the default server to 172. C. Modify the order of the access rules so that HTTP Access 2 is processed before HTTP Access 1. On ISA1. from a SecureNAT client.11.contoso.16. disable the Web Proxy filter for the HTTP protocol.

You configure the network configuration settings on each new ISA Server computer. change the NAT relationship between the perimeter network and the Internal network to a route relationship. B.xml file.(root) zone. Create a destination set for the new ISA Server 2006 computers. On DNS1. On ISA1.xml file by adding the following lines: StorageType=Allow HTTP from ISA Server to all networks (for CRL downloads) String=0 Enabled=1 Import the ISA1export. The network contains an ISA Server 2006 computer named ISA1. delete the . C. Answer: C Section: (none) Explanation/Reference: QUESTION 8 8. Export the array configuration settings on ISA1 to an . On ISA1 you export the firewall policy settings into a file named ISA1export.xml.xml file on each new ISA Server computer. remove the forwarding configuration and add a . On AD1. replace the DNS server publishing rule with an equivalent access rule. A Windows Server 2003 computer named CERT1 is configured as an internal certification authority (CA). ISA1 can download the certificate revocation list (CRL) from CERT1. What should you do? A. C. On ISA1. Add this destination set to the destination list on the Allow all HTTP traffic from ISA Server to all networks (for CRL downloads) system policy rule. Import the . B.xml file on each new ISA Server computer. Answer: B Section: (none) Explanation/Reference: .(root) zone and then disable recursion. Import the system policy rules on each new ISA Server computer. Edit the ISA1export. ISA1 is configured with access rules for Internet access. You import the firewall policy settings from the ISA1export. D.xml file on the new ISA Server computers.What should you do next? A. You discover that each new ISA Server computer cannot download the CRL from CERT1. You are deploying 10 new ISA Server 2006 computers on the network. You test the imported configuration on each of the new ISA Server computers. You need to ensure that the new ISA Server computers can download the CRL. Export the system policy rules on ISA1 by using the Export System Policy task. ISA1 connects to the Internet. D.

Internal network users report that they cannot connect to the Internet. All internal users can connect to the Internet. Create a server publishing rule to allow SMTP traffic from the External network to the SMTP server on the perimeter network. Export the array configuration settings on ISA1. Users report that they cannot receive e-mail messages from users outside of the Internal network. You do not want to create a server publishing rule. RADIUS is configured as the only type of authentication for VPN connections.xml. Import the . C. What should you do? A. Import the file on ISA2. Remote VPN users report that they cannot authenticate to gain access to the network. Your network contains an ISA Server 2006 computer named ISA1. One of the network adapters is connected to the Internet. Create an access rule to allow all traffic between the Internal network and the perimeter network. D. one is connected to the Internal network. The perimeter network adapter and the internal network adapter are connected to private address networks. All remote users can connect to ISA1 by using a VPN connection. You are replacing ISA1 with a new ISA Server computer named ISA2. You need to allow users to receive e-mail messages from other users on the Internet. ISA1 is connected to the Internet. . Export the VPN Clients configuration on ISA1.QUESTION 9 9. Export the system policy configuration settings on ISA1 to an . Create an access rule to allow SMTP traffic from an SMTP server on the perimeter network to a Microsoft Exchange Server computer on the Internal network. You import the ISAconfig. Include user permission settings in the exported configuration file. You export the network-level node configuration settings on ISA1 to a file named ISAconfig. You replace ISA1 with ISA2 on the network. You run the 3-Leg Perimeter Network Template wizard. Import the file on ISA2. You then make the following changes to the firewall policy: Create an access rule to allow all traffic between the Internal network and the Internet. B. Answer: B Section: (none) Explanation/Reference: QUESTION 10 10.xml file on ISA2.xml file on ISA2. Import the file on ISA2. You need to configure ISA2 to allow incoming and outgoing access for company users. You configure ISA Server by applying the 3-Leg Perimeter network template. Export the array configuration settings on ISA1. Include confidential information in the exported configuration file.xml file. and one is connected to a perimeter network. VPN access is configured to ISA1. You install ISA Server 2006 on a computer that has three network adapters. Include confidential information in the exported configuration file.

Create a network rule that sets a route relationship between the Internal network and the perimeter network. You are the administrator of an ISA Server 2006 computer named ISA1. The relevant portion of the network is configured as shown in the exhibit. First. D.What should you do? A.and External network to NAT. ISA1 has two network adapters. B. they receive the following error message: Error Code 10060: Connection timeout. Change all network rules that control the route relationships between the Internal network. C. Create an access rule that allows WebServer2 access to the Internal network. Change the network rule that controls the route relationship between the perimeter network and the Internal network to Route. This might indicate that the network is congested or that the website is experiencing technical difficulties. perimeter network. Change all network rules that control the route relationships between the Internal network. What should you do next? A. Create a Web publishing rule that publishes WebServer2 to the Internal network. When they attempt to access the Web site. (Click the Exhibit button. You place a Web server named WebServer2 on this perimeter network segment. Background: There was a time out before the page could be retrieved. Your network contains an ISA Server 2006 computer named ISA1.) . You create a computer object for WebServer2 and then create an access rule that allows Internal network clients HTTP access to WebServer2. Access rules allow users on the Internal network to have HTTP access to the Internet. B. Change the network rule that controls the route relationship between the perimeter network and the External network to NAT. Answer: A Section: (none) Explanation/Reference: QUESTION 12 12. and External network to Route. perimeter network. Users are not required to authenticate with ISA1 to access WebServer2. Users report that they cannot access information on WebServer2. Answer: A Section: (none) Explanation/Reference: QUESTION 11 11. You add a third network adapter to ISA1 and connect the third network adapter to a perimeter network. You need to ensure that users on the Internal network can access information on WebServer2. Create a server publishing rule that publishes WebServer2 to the Internal network. D. C. you verify that WebServer2 is operational. WebServer2 must be accessible to computers on the Internal network.

0/24.0.0 through 10.0/24 can connect to the Internet.0.255 to the definition of the Internal network.2.2. Create two new networks. Create two new networks.3. Add the address ranges 10.0 through 10.0. Create an access rule to allow this network set access to the Internet.0/24 and one for 10. you defined the Internal network address range as 10.0/24 report that they cannot connect to the Internet.0. Your network contains an ISA Server 2006 array. You need to reduce the amount of intra-array traffic.0.0/24 and 10.2.0 through 10. You create an access rule to allow all traffic from the Internal network to the External network. You enable Cache Array Routing Protocol (CARP) so that outbound Web requests are resolved within the array.3.2. B.1.0.0. What should you do? .0/24 and 10. one for network ID 10.255.0. Create access rules to allow these networks access to the Internet.3.0.0.255 and 10. You use Network Monitor to check network traffic patterns on each of the ISA Server 2006 array members. You discover that there is very high network utilization on the intra-array network. Create a new network set containing these networks.0. Soon after you enable CARP on the array.3.0/24 and for network ID 10.0/24.3. C.2.0.0.2. You need to ensure that users on network IDs 10. Answer: B Section: (none) Explanation/Reference: QUESTION 13 13. The array contains six members.0. one for network ID 10.0.0.1. D. Create a subnet network object for network ID 10.0/24 and one for 10.When you installed ISA Server 2006 on ISA1. Users are not required to be authenticated to use this rule.2.3. What should you do? A.3. Web users on the corporate network report that Internet access is slower than normal.0/24. Users on network IDs 10. You examine the routing tables on the router and on ISA1 and confirm that they are correctly configured.

Enable CARP on the intra-array network. You configure the array to cache outgoing Web requests. Ensure that this rule is placed immediately below the allow rule. Configure a content download job on the array. B.A. Configure the rules schedule to be enabled between 08:00 and 17:00. Your network contains two ISA Server 2006 Enterprise Edition computers named ISA1 and ISA2. . C. ISA1 and ISA2 are configured as members of an ISA Server 2006 array. Your network contains an ISA Server 2006 computer named ISA1. You want to minimize the traffic on the intra-array network. C. Configure the rules schedule to be enabled between 08:00 and 17:00. Enable the client computers to download the automatic configuration script. D. Enable Network Load Balancing on the intra-array network. Answer: C Section: (none) Explanation/Reference: QUESTION 14 14. The companys written security policy states that users must be allowed access to the Internet only between the hours of 08:00 and 17:00. D. What should you do? A. Answer: B Section: (none) Explanation/Reference: QUESTION 15 15. Enable Cache Array Routing Protocol (CARP) on the Local Host network. You configure the array so that the cached Web content is distributed between ISA1 and ISA2. What should you do? A. C. Create another access rule that denies all protocols between 17:00 and 08:00. Use automatic discovery to configure the client computers as Web Proxy clients. Configure Network Load Balancing on the Internal network. You need to configure ISA1 to allow all Internet traffic between 08:00 and 17:00 and to not allow outbound Internet traffic at other times. Create an access rule to allow all protocols. Create an access rule to allow all protocols at all times. B. B. Configure the client computers as SecureNAT clients. Create an access rule to deny all protocols.

Answer: D Section: (none) Explanation/Reference: QUESTION 17 17. Configure the rule to allow connections from the External network to the Internal network. On the rule. Answer: A Section: (none) Explanation/Reference: QUESTION 16 16. You need to configure ISA1 to publish the Web site hosted by this Web server. You must publish this Web site while adhering to the companys security policy. and you need to adhere to the companys security policy. On the rule. Create a Web publishing rule. Partners and customers will access the Web pages hosted by this Web server only from the Internet. The companys written security policy states that ISA1 must authenticate users before users on the Internet are allowed to access corporate Web servers. D. Create an HTTP access rule. D. You install a new Web server on the Internal network. Configure the rule to perform link translation. enable and configure HTTP bridging. Create an HTTP server publishing rule. Configure the rule so that requests sent to the published server forward the URLs so that they appear to come from ISA1. Create a Web publishing rule. Configure the rule to specify that requests appear to come from ISA1. The companys new. Create an access rule to deny all protocols at all times. C. You need to publish a new Web site that has many internal computer names within the Web site. B. enable and configure Link Translation. What should you do? A. Configure an HTTP server publishing rule. B. What should you do? A. Configure the rule so that requests sent to the published server forward the URLs so that they appear to come from the original client computer.D. written security policy states that internal computer names must not be published or accessible via the Internet. Ensure that this rule is placed immediately below the deny rule. Configure the rule to require user authentication. . Create a Web publishing rule. Create another access rule that allows all protocols between 08:00 and 17:00. Create a Web publishing rule. Your network contains a single ISA Server 2006 computer named ISA1. Your network contains a single ISA Server 2006 computer named ISA1. Configure an HTTP server publishing rule. C.

You need to configure ISA1 to give users access from their cellular phones to e-mail.Answer: A Section: (none) Explanation/Reference: QUESTION 18 18. You need to ensure that you adhere to the companys security policy. Your network contains an ISA Server 2006 computer named ISA1. Configure an HTTP Web publishing rule to direct traffic to the Exchange Server computer. Configure Microsoft Outlook Web Access on an internal server. Configure the rule to point to the Microsoft Outlook Mobile Access site. . The phones have a Wireless Access Protocol (WAP) browser and an e-mail client that is capable of only POP3 and IMAP4. Configure an RPC Proxy server. The company is adopting Web-enabled cellular phones and wants to allow users to use these phones to access their e-mail over the Internet. B. Create an HTTPS server publishing rule. D. You need to ensure that all employees use Outlook 2003. The company uses Microsoft Exchange Server 2003 as its e-mail server. The companys written security policy states that all user names and passwords must be encrypted when they are sent over the Internet. B. The companys written security policy states that all e-mail communications to the Microsoft Exchange Server 2003 computer over the Internet must be encrypted. What should you do? A. Create a server publishing rule to direct all Exchange RPC traffic to the RPC Proxy server. What should you do? A. Create an HTTPS server publishing rule. whether they use e-mail in the office or use e-mail remotely over the Internet. ISA Server 2006 is installed as your companys firewall. Answer: D Section: (none) Explanation/Reference: QUESTION 19 19. Create an HTTPS Web publishing rule to direct traffic to the RPC Proxy server. All of the companys portable computers run Microsoft Outlook 2003. Configure Microsoft Outlook Web Access on an internal server. Configure the rule to point to the Microsoft Outlook Web Access site. Configure an HTTPS Web publishing rule to direct traffic to the Exchange Server computer. Configure an RPC Proxy server. C.

Answer: A Section: (none) Explanation/Reference: QUESTION 21 21. Users can connect to the Remote Desktop Web Connection site by using Internet Explorer. you enable Remote Desktop connections. B. You need to ensure that users can access App1. Your network contains an ISA Server 2006 computer named ISA1. you need to configure the rule to meet the requirements. B. What should you do? A. Employees use an application named App1. Create a POP3 server publishing rule. On a Windows Server 2003 computer. Configure the rule to forward the requests so that they appear to come from the original client. What should you do? A. Configure an RDP server publishing rule. First.C. You need to configure ISA1 to publish the new Web site. Configure the rule to point to an Exchange Server 2003 computer. D. App1 must record the client IP source address in the App1 logs for every request. You create a Web publishing rule to publish the Remote Desktop connections virtual directory. Configure a new RDP protocol definition. they cannot establish a Terminal Services connection. C. Now. Create an IMAP4 server publishing rule. Configure the rule to forward the original host header to the published Web server. Configure the rule to forward the requests so that they appear to come from ISA1. you create an SSL Web publishing rule. Configure a new RPC protocol definition. Server1 has Terminal Services installed. The Web site hosts an application named App1. Answer: B Section: (none) Explanation/Reference: QUESTION 20 20. D. Your network contains a single ISA Server 2006 computer. C. Configure the rule to point to an Exchange Server 2003 computer. The company deploys a new secure Web site. Configure the rules link translation to replace absolute links in all Web pages. Answer: D Section: (none) . Configure an RPC Services server publishing rule. D. However. which is hosted on a server named Server1.

You need to enable the site-to-site VPN connection by using the most secure IPSec authentication method possible. B. A network rule defines a network address translation (NAT) relationship between the Internal network and the External network. You also need to allow users to establish a Remote Desktop connection to Server1 by using the non-standard TCP port 12345. You receive the following error message: The last connection attempt failed because: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer. Answer: AD Section: (none) Explanation/Reference: QUESTION 23 23. Your company has a main office and is adding a branch office. You want to connect the main office and the branch office networks by using a site-to-site VPN. Create a server publishing rule for Server1 that uses RDP-x. you configure it to use certificates and a preshared key.Explanation/Reference: QUESTION 22 22. At each office. Restart the ISA Server computer at both offices. the preshared key is configured as the office name on the ISA Server computer at that office. Choose two. B. You open the Routing and Remote Access console and manually dial the demand-dial interface. . What should you do? A. Your network contains an ISA Server 2006 computer. Which two actions should you perform? (Each correct answer presents part of the solution. C.) A. Re-enter the preshared keys on the ISA Server computer at both offices. and symbols. Change the preshared keys so that they include mixed-case letters. When you create the remote site network on each ISA Server computer. You need to perform remote administration of Server1 from the External network by using Remote Desktop. Configure a new protocol definition for TCP port 12345 inbound named RDP-x. Computer certificates are installed on the ISA Server computer at each office. Configure a new protocol definition for TCP port 12345 outbound named RDP-x. You create a site-to-site VPN connection that connects the office networks by using the L2TP over IPSec VPN protocol. numbers. Create an access rule for Server1 that uses RDP-x. D. The site-to-site VPN fails. you repeatedly run the ping command to a host on the branch office network. The main office and the new branch each have an ISA Server 2006 computer. The Internal network contains a Windows Server 2003 computer named Server1. From the ISA Server computer at the main office.

1.168. The main office has an ISA Server 2006 computer named ISA1. (Click the Exhibit button.2.168.0/24. and re-create the remote site networks with the original parameters. D.) The main office network includes two network IDs: 192. D. You need to ensure that all users at the main office can connect to resources located on the branch office network.0/24 report that they cannot connect to computers at the branch office. You want to connect the main office to the branch office by using a site-to-site VPN connection.168. You create an access rule on ISA1 and on ISA2 to allow all traffic to and from the main office and branch office networks.0/24 to the default Internal network at the main office.2.0. The 192. C.0. Remove the router connecting the two networks at the main office. Users on network ID 192. Add the addresses in network ID 192.0/24 network is directly connected to ISA1 and is configured as the default Internal network. and place both network IDs on a single Ethernet broadcast segment. Add this network object to the list of destination computers that the branch office computers can connect to.0/24 and 192. The relevant portion of the network is configured as shown in the exhibit.0/24 network. The internal network adapter on ISA2 is on network ID 10.2.1.C.168. On ISA2. The 192. Remove the preshared key from the remote site network configuration on the ISA Server computer at both offices.0/24.168. . Your company has a main office and one branch office.1.0/24 network and one for the 192. The branch office has an ISA Server 2006 computer named ISA2.0.0/24 network by a router on the main office Internal network.2.2.168.0/24 to the default Internal network at the main office. You create two subnet network objects in the ISA Server Management console: one network for the 192.168. create a subnet network object representing the 192. Delete the remote site network on the ISA Server computer at both offices.0/24 network is connected to the 192. You create an access rule on ISA1 to allow all traffic between the default Internal network and the branch office network.2. Answer: C Section: (none) Explanation/Reference: QUESTION 24 24.0/24 network.1.0.168.168. Add the addresses in network ID 10.168. B. What should you do? A.

ISA1 is configured with two network adapters. You test the VPN configuration and successfully establish a VPN connection to ISA1 from an external Windows XP Professional client computer named XP1. and you create a site-to-site VPN connection between the ISA Server computers. Change the preshared keys so that they include mixed-case letters. .0. You choose the L2TP over IPSec VPN protocol. You install ISA Server 2006 on a computer at each office. Your network contains an ISA Server 2006 computer named ISA1. The Internal network address range is 10.1. You create remote site networks on the ISA Server computers at both offices.0. You enable VPN client access. and symbols.0.0. numbers. What should you do? A. You need to ensure that the L2TP over IPSec site-to-site VPN connections continue to function properly after the ISA Server computers are restarted. Re-enter the preshared keys on the ISA Server computers at both offices. You open the Routing and Remote Access console and enter the preshared key in the Properties dialog box for the Routing and Remote Access server. and enter the key on the Authentication tab of the Virtual Private Networks (VPN) Properties dialog box.255. The site-to-site L2TP over IPSec connection is successful. You define the VPN assignment as a static pool that extends from 10. Remove all certificates for the ISA Server computers at both offices. You are connecting the main office and branch office networks.0.255. You want to use a preshared key for the IPSec authentication. Your company has a main office and is adding a branch office.0 through 10. The external network adapter is connected to the Internet.0. Answer: C Section: (none) Explanation/Reference: QUESTION 26 26. Install user certificates on the ISA Server computers in both offices and enable EAP user authentication for the demand-dial accounts. remove the preshared key from the Routing and Remote Access console. You confirm that internal client computers can browse external Web sites. You then restart the ISA Server computers and discover that the site-to-site connection fails. D.Answer: A Section: (none) Explanation/Reference: QUESTION 25 25. You discover that you cannot browse external Web sites from XP1 while it has a VPN session with ISA1.1. On the ISA Server computers at both offices. B.0 through 10. The internal network adapter is connected to the Internal network. C.

you create a DHCP scope that includes the three DHCP options. On the VPN clients.) A. Remove the DHCP server from ISA1 and place it on a computer that is behind ISA1. What should you do? A. Answer: D Section: (none) Explanation/Reference: QUESTION 27 27. C. clear the check box to use the default gateway on the remote network. reconfigure the VPN address assignments to use DHCP. Which two actions should you perform? (Each correct answer presents part of the solution. You discover that no WINS or DNS server address is assigned to the VPN clients. Install a DHCP Relay Agent on ISA1. DNS. Configure the Routing and Remote Access internal network adapter as a DHCP client. On ISA1. create an access rule that allows outbound HTTP and HTTPS access from the VPN client network for the All Authenticated Users user set. Ensure that the address assignments are within the range defined for the Internal network. D. In the ISA Server Management console. in Internet Explorer. configure the dial-up and virtual network settings for the VPN connection object to use the proxy server settings for ISA1. You need to ensure that the DHCP options are assigned to the VPN client computers.You need to ensure that VPN clients can browse external Web sites while connected to ISA1. D. ISA1 is configured as a remote access VPN server and as a DHCP server. On ISA1. configure VPN address assignment to use the Internal network for the DHCP. C. and no primary domain name is listed. in the VPN connection object in the Network Connections folder. Your network contains an ISA Server 2006 computer named ISA1. You also need to ensure that all requests for external Web sites from VPN clients are processed through ISA1. and WINS services. On the VPN clients. Choose two. B. VPN users report that they cannot connect to file shares after logging on to the network. Answer: AD Section: (none) Explanation/Reference: QUESTION 28 . B. VPN client computers need to be assigned the following DHCP options: DNS WINS Domain name On the DHCP server.

D. C. Users report that they cannot connect to the network. They state that they receive the following error message: Error 691: Access was denied because the username and/or password was invalid for the domain. Enable remote access permissions for the VPN user accounts in Active Directory. Several users report that they cannot connect to the network. ISA1 is a member of a workgroup. Disable IP fragment blocking Disable IP routing. Your network contains an ISA Server 2006 computer named ISA1. which is configured as a remote access VPN server. Answer: A Section: (none) Explanation/Reference: QUESTION 29 29. C. You review the log files on ISA1 and discover that the users with failed connection attempts are all using L2TP over IPSec.28. Your network contains an ISA Server 2006 computer named ISA1. ISA1 is configured to accept only EAP authentication for VPN clients. What should you do? A. Answer: A Section: (none) Explanation/Reference: QUESTION 30 30. All VPN clients have been assigned user certificates from the corporate enterprise certification authority (CA). Users on ISA Server protected networks require access to PPTP and L2TP over IPSec VPN servers on the . Your network contains an ISA Server 2006 computer named ISA1. which functions as a remote access VPN server for the network. Join ISA1 to the corporate network domain. You need to ensure that VPN users can connect to the network. which allows outgoing connections to the Internet. B. Place the CA certificate into the VPN clients Trusted Root Certification Authorities computer certificate store. A network rule defines a network address translation (NAT) relationship between the Internal network and the Internet. What should you do? A. D. Disable IP options filtering. Configure ISA1 to use RADIUS authentication. You need to ensure that the users can connect to the network. You configure ISA1 to accept both PPTP and L2TP over IPSec VPN connections from remote access clients. Disable verification of incoming client certificates. B.

except ISA1. You configure all network computers. and you discover that the Control access through Remote Access Policy option is not available. B. they cannot access file shares on the network file . D. ISA1 is a member of the Active Directory domain. Elevate the domain functional level Enable user mapping for VPN client connections.Internet. Configure the network computers to use IPSec tunnel mode. Users report that after connecting to the corporate network. VPN connections fail. You examine the properties of several domain user accounts. Disable the Web Proxy client configuration on the network computers Disable the Firewall client configuration on the network computers. You want to control VPN access by using a remote access policy. B. Configure a RADIUS-based remote access policy. Your network contains an ISA Server 2006 computer named ISA1 operating in a Workgroup. Your network consists of a single Active Directory domain. You need to ensure that users can connect to PPTP and L2TP over IPSec VPN servers on the Internet. You discover that users cannot connect to Internet PPTP and L2TP over IPSec VPN servers. Answer: C Section: (none) Explanation/Reference: QUESTION 32 32. C. Remote access VPN clients can use either PPTP or L2TP over IPSec to connect to ISA1. You create access rules on ISA1 to allow outbound connections to the Internet by using PPTP Client. The network contains an ISA Server 2006 computer named ISA1. Answer: C Section: (none) Explanation/Reference: QUESTION 31 31. You configure ISA1 to allow VPN access to members of the Domain Users global group. IPSec NAT Traversal (NATT) Client. What should you do? A. However. D. as both Web Proxy and Firewall clients. and IKE Client protocols. ISA1 functions as a remote access VPN server for the network. Configure the network computers as SecureNAT clients. C. What should you do? A. Configure the ISA Server remote access policy. You configure ISA1 as a remote access VPN server that allows both PPTP and L2TP over IPSec remote access client connections. You need to enable remote access permission by using a remote access policy.

. You need to ensure that users are not asked for credentials when they access file shares.. configure the appropriate option or options in the dialog box in the answer area.... . = No urgent data TCP: . = Acknowledgement field not significant TCP: .. Configure ISA1 as a RADIUS client.. C.. You want to be able to create a custom alert that is triggered whenever ISA1 experiences traffic that uses invalid flag settings to discover open ports.. You notice a high volume of TCP traffic that is sent in quick succession to random TCP ports on ISA1. Create an access rule to enable the LDAP and LDAPS protocols from the Local Host network to the Internal network D. = No Reset TCP: ..... TCP: . You do not want the alert to be triggered by traffic that uses valid flag settings in an attempt to discover open ports....... Answer: AD Section: (none) Explanation/Reference: QUESTION 33 33..... Choose two..0... You want to accomplish this goal by selecting only the minimum number of options in the Intrusion Detection dialog box.) A. You use Network Monitor to capture and analyze inbound traffic from the Internet to ISA1....... Which two actions should you perform? (Each correct answer presents part of the solution.. Your network contains an ISA Server 2006 computer named ISA1. = No Synchronize TCP: . Instruct the users to log on by using their domain credentials via dial-up networking B.0. = No Push function TCP: .server without first being presented with an authentication prompt.0 = No Fin This traffic slows the performance of ISA1. TCP: Flags = 0x00 : .0. What should you do? To answer. The flag settings of the raffic are shown in the following example....0. Join ISA1 to the domain.0.

Answer: Section: (none) Explanation/Reference: QUESTION 34 34. Your network contains an ISA Server 2006 computer named ISA1. .100. You run the netstat Cna command on ISA1.141.168. The IP address bound to the external network adapter of ISA1 is 192. The relevant portion of the output is shown in the following table.

Memory\Pages/sec Process(W3Prefch)\Pool Nonpaged Bytes ISA Server Cache\Memory Usage Ratio Percent (%) Physical Disk\Avg. D. You need to be able to quickly verify whether ISA1 is allowing traffic to TCP port 139.exe tool to query ISA1. C. D. use the Portqry. use the Netdiag. F. C. From a remote computer. Disk Queue Length ISA Server Cache\Disk Write Rate (writes/sec) Memory\Pool Nonpaged Bytes Answer: AC Section: (none) Explanation/Reference: .You need to ensure that ISA1 accepts connection requests for only HTTP traffic. use a port scanner to query ISA1. B. On ISA1. run the pathping command to query ISA1.exe tool to query ISA1. Your network contains an ISA Server 2006 computer named ISA1. E. Choose two. Answer: B Section: (none) Explanation/Reference: QUESTION 35 35. Which two System Monitor performance counters should you add? (Each correct answer presents part of the solution. B.) A. ISA1 is configured to provide forward Web caching for users on the Internal network. You need to verify whether insufficient memory is the source of the slow performance. What should you do? A. users report that it takes longer than usual for Web pages to appear. During periods of peak usage. You suspect that insufficient memory is the source of the slow performance of ISA1. From a remote computer. On ISA1.

contoso.2. D. The IP address of Server1 is 10. com/info and the www. Both Web sites are located on a Windows Server 2003 computer named Server1. Both the www. F. ISA1 is configured with 512 MB of RAM and a single 60-GB hard disk.contoso. Which two System Monitor performance counters should you add? (Each correct answer presents part of the solution. C.com/info.com/info and requests for www.com/info virtual subdirectories.com/info virtual directories point to a common file share. . The default log view does not allow you to easily distinguish between requests for www.contoso.0. ISA1 is configured to publish two Web sites named www.) A. you need to filter the log viewer to display only the requests for both the www. Disk Queue Length Physical Disk\Split IO/sec Answer: AE Section: (none) Explanation/Reference: QUESTION 37 37. The Web publishing rules are configured as shown in the following display.0. During periods of peak usage.com/info and www. You are the administrator of an ISA Server 2006 computer named ISA1. B. Your network contains an ISA Server 2006 computer named ISA1.com.QUESTION 36 36. ISA1 is configured to provide forward Web caching for users on the Internal network. A sample of the log with the relevant entries is shown in the following table. Memory\Pages/sec Memory\Pool Nonpaged Bytes MSSQL$MSFW:Databases(*)\Transactions/sec MSSQL$MSFW:MemoryManager\Target Server Memory (KB) Physical Disk\Avg.contoso. You need to ensure that the log viewer displays the fully qualified domain names (FQDNs) for the Web site requests. E.fabrikam.fabrikam.fabrikam. users report that it takes longer than usual for Web pages to appear.com and www.fabrikam. Choose two. Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) database logging is enabled on ISA1. In addition. You need to identify the source of the slow performance.

C. In the log viewer. Restore the log summary files from backup for the last three months. The reports for the last five weekends display correct data. Only monthly activity summary reports are available for previous months. B. Configure the Microsoft Data Engine (MSDE) database log files to be saved for 130 days. In the log viewer. add a column to display the destination host name. add a column to display the destination host name. In the log viewer. D. Configure each Web publishing rule to use the FQDN of its respective Web site on the To tab. You need to provide custom reports that show the actual activity for all the weekends during the last three months. You generate custom reports to indicate user activity during the weekends of the last three months. ISA1 publishes the reports to a folder named IsaReports. ISA1 is configured to generate daily and monthly reports.0. In the IsaReports folder. add two conditions to the default log filter expression.2. configure two Hosts file entries that resolve both FQDNs to 10. add a column to display the destination host name.0. You are the administrator of an ISA Server 2006 computer named ISA1. B. D. add to the default log filter expression a condition where the URL contains the text string info. add to the default log filter expression a condition where the URL contains the text string info. In the log viewer. Answer: A Section: (none) Explanation/Reference: QUESTION 38 38. In the log viewer. create a new folder for each of the weekends. Configure the second condition so that Server contains Contoso. configure two Hosts file entries that resolve both FQDNs to the external IP address of ISA1. What should you do? A. Configure the first condition so that Server contains Fabrikam. Restore the MSDE database log files from backup for the last three months. On ISA1. In the log viewer. On ISA1. add two conditions to the default log filter expression. However. Configure the second condition so that the Rule equals Web Publish 2. Delete the log summary files. C. In the log viewer. Configure the first condition so that the Rule equals Web Publish 1.What should you do? A. Configure daily reports to be saved for 130 days. Answer: B Section: (none) Explanation/Reference: . Configure each Web publishing rule so that requests appear to come from the original client computer. Disable and then re-enable log summary reports. Configure daily reports to be saved for 130 days. Copy the respective daily report files for each day of a weekend into their corresponding folders. reports for previous weekends cannot be displayed.

one network adapter for the internal network one network adapter for the external network one disk drive for the cache database one disk drive for the logs D. one network adapter for the internal network one disk drive for the cache database one disk drive for the logs B. You will configure the array as a Web cache and as a Winsock proxy.000 users on the network. ISA1 provides Internet access for all users on the companys network. You view the Firewall log and the Web Proxy filter log on ISA1 and notice that the URLs of Web sites visited by company users are not displayed. two network adapters for the internal network two network adapters for the external network on each network adapter. All users require access to the Internet.QUESTION 39 39. Maximize performance for Internet access. Your recommendations must allow the array to be configured to meet the following requirements: Provide fault tolerance for all types of ISA Server clients. Configure all network computers as Web Proxy clients. You need to recommend a hardware configuration for the new array. enable network teaming one disk drive for the cache database one disk drive for the logs Answer: C Section: (none) Explanation/Reference: QUESTION 40 40. Which hardware configuration should you use in each server? A. There are 6.All computers on the network are configured as SecureNAT clients. B. You plan to deploy an array that contains two new ISA Server Enterprise Edition servers. . Configure all network computers as Firewall clients. Your company has one office that connects to the Internet by using a high-speed link. You create an access rule on ISA1 that allows all users access to all protocols on the External network. Provide fault tolerance if the Microsoft Firewall service fails on either server. You need to ensure that the URLs of Web sites visited by company users are displayed in the ISA1 log files. one network adapter for the internal network one network adapter for the external network one disk drive for the cache database and the logs C. Your network contains an ISA Server 2006 computer named ISA1. What should you do? A.

cmd.C. You create a file named C:\Alerts\NetworkAlert. The properties of the Network Connectivity alert are configured as shown in the Alert Events exhibit and the Alert Actions exhibit.cmd uses net. Each adapter is connected to one of the following: Internal network. Answer: A Section: (none) Explanation/Reference: QUESTION 41 41. D. and Internet. perimeter network. which runs Windows Server 2003. All administrative hosts exist in the Internal network.) . Configure ISA1 to require authentication for Web requests. (Click the Exhibit button. Your network contains an ISA Server 2006 computer named ISA1.exe to send the following message to all administrative computers: Problem with network connectivity on ISA1. You add a custom alert named Network Connectivity. Configure ISA1 to require authentication for all protocols. The NetworkAlert. You enable the default Network configuration changed alert. ISA1 has three network adapters.

You see the corresponding alert in both the Alerts view and the application log of Event Viewer. the message is not received on any of the administrative computers. On ISA1. B. Enable and start the messenger service and the alert service on ISA1 and on your administrative computer. Disable the default Network configuration changed alert. However. Answer: D Section: (none) Explanation/Reference: QUESTION 42 42. configure the DisableDHCPMediaSense entry with a value of 1. . D.You test the Network Connectivity alert by disabling the ISA1 network adapter that is connected to the perimeter network. You install Windows Server 2003 Service Pack 1 on a server named ISA1. You deploy ISA Server 2006 as a firewall on ISA1. What should you do? A. Configure the Network Connectivity alert actions to run NetworkAlert. You need to ensure that the administrative computers receive the text message when the Network Connectivity alert is triggered. You also need to be able to test the alert by disabling the perimeter network adapter on ISA1.cmd by using an account that has the Log on as a batch job right. C.

The offices are connected by using high-speed network links. You need to ensure that users will be able to access the Internet from the main office and the branch offices. On NA2. D. specify a default gateway address. On NA2. What should you do? A. On NA2. C. On ISA1. . You plan to deploy ISA Server 2006 on a server named ISA1. You need to install ISA Server 2006 on the server. Answer: D Section: (none) Explanation/Reference: QUESTION 43 43.A new company security policy states that servers that connect directly to the Internet must only run required services. What should you do on ISA1? A. Disable the IP Routing feature of ISA Server 2006. Start the Windows Firewall service. B. On ISA1. define a static route for each branch office network. On ISA1. define a static route for each branch office network. and then select the Microsoft Internet Security and Acceleration Server 2004 server role. Install Windows Server 2003 Service Pack 2. C. specify a default gateway address. B. ISA1 contains two network adapters named NA1 and NA2. ISA1 is located in the main office. D. On NA1. You have a server that runs the 64-bit version of Windows Server 2003. define a static route for the main office network. specify a default gateway address. Run the Security Configuration Wizard (SCW). ensure that the default gateway entry is blank. Answer: C Section: (none) Explanation/Reference: QUESTION 44 44. You plan to configure ISA1 to cache Web content for all users and to define all computers as Web Proxy clients. Your company has a main office and five branch offices. You need to ensure that your deployment of ISA1 meets the new company security policy. The main office is the only location that has an Internet connection. specify a default gateway address. NA1 is connected to the internal network and NA2 is connected to the Internet. On NA2.

and then import the ISA Server 2004 configuration. On ISA2. Install and run the Microsoft Baseline Security Analyzer (MBSA). From the ISA Server 2006 CD. On ISA1. D. On ISA1. back up the ISA Server 2004 configuration.What should you do? A. The ISA . run setup. C. The upgrade must meet the following requirements: minimize interruptions to Internet access minimize hardware costs What should you do? A. and then import the configuration from ISA1. On ISA1 and ISA2. On ISA1. uninstall ISA Server 2004. B. C. Run the Security Configuration Wizard (SCW). and then install a Configuration Storage server as a replica of ISA1. perform an in-place upgrade of ISA Server 2006. Your network contains an ISA Server 2004 Enterprise Edition array. On ISA1 and ISA2. B. back up the ISA Server 2004 configuration. and then perform an in-place upgrade of ISA Server 2006. run setup. uninstall ISA Server 2004. The ISA Servers connect to the Internet and provide Internet access to users. Install the 32-bit version of Windows Server 2003. From the ISA Server 2006 CD. On ISA1. Answer: D Section: (none) Explanation/Reference: QUESTION 46 46. The array contains two servers named ISA1 and ISA2. Answer: C Section: (none) Explanation/Reference: QUESTION 45 45. The main office also has a Configuration Storage server. On ISA1.exe. install ISA Server 2006. On a new server named ISA3. back up the ISA Server 2004 configuration. uninstall the Configuration Storage server. install a new Configuration Storage server. On ISA1 and ISA2. Your company has a main office and two branch offices. run setup. and then import the ISA Server 2004 configuration. exe. Both ISA1 and ISA2 have a Configuration Storage server installed locally and are replicas of the same array. perform an in-place upgrade of ISA Server 2006. You need to upgrade ISA1 and ISA2 to ISA Server 2006. The ISA Server in the main office is configured as a firewall and as a VPN gateway to the Internet. Remove ISA1 and ISA2 from the array. install ISA Server 2006 and include a Configuration Storage server as a replica of ISA1. D. uninstall the Configuration Storage server. On ISA2.exe. install ISA Server 2006.exe. run setup. Install Windows Server 2003 Service Pack 1. back up the ISA Server 2004 configuration. From the ISA Server 2006 CD. From the ISA Server 2006 CD. Each office has a server that runs ISA Server 2006 Enterprise Edition.

Choose three. Copy the Firewall Client software installation files to an intranet Web server. Give users a shortcut to the shared folder. Answer: ADE Section: (none) Explanation/Reference: QUESTION 47 47. Add an entry in the network logon script to run a silent install of the Firewall Client software from the Web server to all the desktop client computers. The internal network is configured to accept Web Proxy connections and Firewall client connections. The main office has a server named ISA1 that runs ISA Server 2004. B. The server is configured as a firewall and as a Web proxy. Configure the branch office array to connect over a VPN site-to-site connection and to use an alternate securely-published Configuration Storage server. The network contains 300 desktop client computers. You must achieve this goal by using the minimum amount of administrative effort. You need to deploy Firewall Client for ISA Server to all the desktop client computers. D. Assign the Firewall Client software to all desktop client computers by using a Group Policy object (GPO). C. Your company has a main office and a branch office. You have a single server that runs ISA Server 2006. Create a firewall policy rule on the ISA Servers in the branch offices. The branch office has a server named ISA2 that runs ISA Server 2004. Install a certificate on the Configuration Storage server. Publish the Configuration Storage server to the Internet by using LDAPS on port 2174. D. E. Log on to each desktop client computer as an administrator. B. All client computers are joined to the domain. C. What should you do? A. You need to ensure that the ISA Servers in the branch offices can access the Configuration Storage server if the VPN tunnel is unavailable. . Users only have user level privileges on their computers. Copy the Firewall Client software installation files to a file server and share the folder as MSPCLNT.Servers in the branch offices connect to the main office by using an L2TP/IPsec site-to-site VPN tunnel. Copy the Firewall Client software installation files to a file server and share the folder as MSPCLNT.) A. Your network consists of a single Active Directory domain. Create a firewall policy rule on the ISA Server in the main office. Install the Firewall Client software from the \Mspclnt shared folder on the ISA Server 2006 server to the desktop client computers. Which three tasks should you perform? (Each correct answer presents part of the solution. Answer: B Section: (none) Explanation/Reference: QUESTION 48 48.

You configure ISA1 to only allow encrypted Firewall client connections. install the Firewall Client for ISA Server software. C. remove ISA Server 2006 and install ISA Server 2004. C. configure the ISA Server as the default gateway. Users in the main office report that they cannot access external e-mail services by using Microsoft Office Outlook.000 desktop client computers. What should you do? A. On ISA2. On ISA1. You change the user set of the Internet access rule from All Users to All Authenticated Users. You need to ensure that users in the main office can access external e-mail servers by using Outlook. The desktop client computers have Firewall Client for ISA Server 2000 installed. They cannot connect to remote computers by using the Remote Desktop client. On all client computers. and RDP. You upgrade ISA1 to ISA Server 2006. configure the Firewall Client settings to enable the Allow non-encrypted Firewall client connections option. Your network consists of an Active Directory domain. and FTP for All Authenticated Users. Answer: A Section: (none) Explanation/Reference: QUESTION 49 49. D. Configure ISA1 to only allow encrypted Firewall client connections. FTP.Your network contains 5. On all computers in the main office. The existing Internet access rule defines user access to HTTP. Configure the Auto Configuration URL in Group Policy. What should you do? A. B. Answer: B Section: (none) . Users in the branch office can access external e-mail services by using Outlook. On all client computers. All computers in the network are members of the Active Directory domain. Replace the existing rule with two new Internet access rules. On ISA1. install Firewall Client for ISA Server 2006. The server is configured as a firewall and as a Web proxy. The network contains a server that runs ISA Server. You need to ensure that users can establish RDP connections to servers on the Internet. HTTPS. configure the Firewall Client settings to use an automatic configuration script. Users report the following: They can access the Internet by using a Web browser. HTTPS. The second rule contains RDP for All Users. The first rule contains HTTP. B. D.

enable the Cache Array Routing Protocol (CARP).fourthcoffee.com Answer: A Section: (none) Explanation/Reference: QUESTION 52 52. ISA1 provides forward Web caching. You want to achieve this goal by bypassing ISA1.com to the Application. D. C. add app1.fourthcoffee.com in DNS.fourthcoffee.com. All client computers run Firewall Client for ISA Server 2006. You create a host (A) record for isa1. You need to ensure that all computers use ISA1 as their Web proxy. wpad.woodgrovebank. ISA1 is a member of domain2.com.fourthcoffee. The network contains a server named ISA1 that runs ISA Server 2006.fourthcoffee.com. create a cache rule for app1.woodgrovebank.domain2.domain2.com wspad.fourthcoffee. You need to ensure that all users can access the Web application directly.fourthcoffee. D.com and domain2. B.com. C. The network contains an internal Web application that is accessed at http://app1. Your company has a server named ISA1 that runs ISA Server 2006.Explanation/Reference: QUESTION 50 50.com. On all client computers. A single ISA Server 2006 computer named ISA1 provides forward Web caching for all domain computers.domain2.com wpad.fourthcoffee. Your network consists of a single Active Directory domain.woodgrovebank.com wspad. On ISA1. On ISA1. On ISA1. The root domain is named fourthcoffee. add app1.com to the Domain Names list for the Internal Network object.woodgrovebank. Your network consists of an Active Directory forest that contains three domains.ini file. Which alias (CNAME) record should you create? A. What should you do? A. The child domains are named domain1. . B. Answer: C Section: (none) Explanation/Reference: QUESTION 51 51. ISA1 provides Internet access for Web Proxy applications and Winsock Proxy applications.

The array consists of two computers named ISA1 and ISA2 that run ISA Server 2006 Enterprise Edition. Remove the existing WPAD host entry. Both network segments have access to Active Directory services. Users on Segment 2 report that they are unable to access the Internet. Add a second WPAD host entry to DNS that resolves to the IP address of the ISA Server on Segment 2. and then configure two Active Directory site-based Group Policy objects to enable the auto-detect settings for each segment. and DHCP services. All client computers are joined to the domain. You need to configure the network to enable Internet access from Segment 2. and then create an option 252 entry in DHCP for each segments DHCP scope.ISA1 connects to two internal network segments named Segment 1 and Segment 2. The array has a single Configuration Storage server named CSS1. C. B. D. What should you do? A. Remove the existing WPAD host entry. Answer: C Section: (none) Explanation/Reference: QUESTION 53 53. . Ensure that the Register this connections address in DNS setting is enabled on the network interface of each segment. An access rule allows authenticated access to the Internet from both network segments. A Web Proxy Automatic Discovery (WPAD) entry is configured in DNS to resolve to the internal IP address of the ISA Server on Segment 1. The network is configured as shown in the following diagram. DNS services. Your network contains an ISA Server array.

Assign the MainIT group to the ISA Server Enterprise Administrators role. select Overwrite (restore).You back up the configuration of the ISA enterprise to a file named Backup. Run the ChangeStorageServer. Prevent IT staff in the branch office from changing the configuration of the branch office ISA Server array. When the Import Wizard prompts you for the import action. You start the Import Wizard by using the Import (Restore) option. C. D. What should you do next? A. When the Import Wizard prompts you for the import action. D. You add the user accounts for the IT staff from the main office to the MainIT group. Allow IT staff in the branch office to view firewall rules for the branch office ISA Server array. You need to ensure that you can access the ISA Server logging features and modify the ISA firewall policy. Assign the BranchIT group to the ISA Server Array Auditor role on the branch office array. Assign the BranchIT group to the ISA Server Enterprise Auditor role. Run the ChangeStorageServer. When the Import Wizard prompts you for the import action. Answer: B . Answer: D Section: (none) Explanation/Reference: QUESTION 54 54. You create two security groups named MainIT and BranchIT. What should you do? A. You add the user accounts for the IT staff from the branch office to the BranchIT group. Assign the BranchIT group to the ISA Server Array Monitoring Auditor role on the branch office array. Assign the MainIT group to the ISA Server Enterprise Administrators role. Assign the BranchIT group to the ISA Server Array Auditor role on the branch office array. You install a new server named CSS2. vbs script on both ISA1 and ISA2.vbs script on both ISA1 and ISA2. Each office contains an ISA Server Enterprise Edition array that provides firewall and proxy services. You install ISA Server 2006 on CSS2. select Overwrite (restore).vbs script on CSS2. B. Each office has an IT staff. C. Your company has a main office and a branch office. Assign the MainIT group to the ISA Server Enterprise Administrators role. CSS1 fails. Run the ChangeStorageServer. When the Import Wizard prompts you for the import action. Run the ChangeStorageServer.xml. B. Assign the MainIT group to the ISA Server Enterprise Auditor role. select Import. vbs script on CSS2. Prevent IT staff in the branch office from accessing the configuration of the main office ISA Server array. select Import. You need to configure the security of your ISA Server environment to meet the following requirements: Give the IT staff in the main office full administrative access to both ISA Server arrays.

ISA Server Enterprise Auditor ISA Server Enterprise Monitoring Auditor ISA Server Array Monitoring Auditor for Array1 ISA Server Array Auditor for Array1 Answer: D Section: (none) Explanation/Reference: QUESTION 57 57. You must achieve this goal while providing the minimum permissions possible. You need to enable a support technician to monitor log information for Array1. B. You need to give a support technician the ability to create alerts definitions. ISA Server Auditor ISA Server Full Administrator ISA Server Monitoring Auditor Windows Power User on ISA1 Answer: B Section: (none) Explanation/Reference: QUESTION 56 56.Section: (none) Explanation/Reference: QUESTION 55 55. What ISA role should you assign to the support technician? A. Your company has a main office and a branch office. C. D. You have reports that contain information about Web usage and Security content. Which rights should you assign to the support technician? A. The ISA Server provides firewall services. A DHCP server assigns the IP configuration to all client computers in the network. You manually assign the IP . You have a computer named ISA1 that runs ISA Server 2006 Standard Edition. The ISA enterprise contains two ISA Server 2006 Enterprise Edition arrays named Array1 and Array2. You want to achieve this goal while providing the minimum permissions possible. The network consists of a single ISA enterprise. B. C. Your network contains a server that runs ISA Server 2006. D. The server also segments the internal network.

Create a Web listener that uses Integrated Windows authentication. Users report that when they try to connect to the Internet they lose their connection or the connection is very slow. Disable the Block IP fragments option and enable the Enable IP routing option. Another server runs Microsoft Exchange Server 2007. Answer: A Section: (none) Explanation/Reference: QUESTION 59 59. B. Answer: C Section: (none) Explanation/Reference: QUESTION 58 58. You need to give external users access to OWA on the Exchange Server. Create a publishing rule for OWA that uses the new Web listener. Configure OWA on the Exchange server to use Integrated Windows authentication. What should you do? A. C.configuration to all servers in the network. When you run a network trace you notice that some computers lose the connection to the network when a large number of TCP sessions are established in a short space of time. Increase the Maximum concurrent TCP connections per IP address value and enable the Enable IP routing option. Create a Web listener that uses forms-based authentication. C. You need to resolve the connectivity issues. You have a server named Server1. Create a Web listener that uses forms-based authentication. Disable the Enable IP routing option and disable the Mitigate flood attacks and worm propagation option. What should you do? A. Create a publishing rule for OWA that uses the new Web listener. You also notice that the TCP packet header sequence numbers are different after passing through the ISA Server. Server1 contains a security application that scans host computers on a . Create a Web listener that uses Integrated Windows authentication. Add the IP addresses of the affected computers to the Flood Mitigation Exceptions computer group and enable the Enable IP routing option. Your network contains a server that runs ISA Server 2006. Outlook Web Access (OWA) on the Exchange server is configured to use Basic authentication. Configure OWA on the Exchange server to use forms-based authentication. B. D. Clients must re-authenticate if their session is inactive for an extended period of time. Your network contains a single computer that runs ISA Server 2006. The ISA Server is the default gateway for the internal network. D.

The domain contains one ISA Server 2006 Enterprise Edition array. You need to ensure that the security application on Server1 can successfully scan all computers on the remote network. Your network consists of a single Active Directory domain. You need to ensure that changes to the firewall policy are replicated between ISA1 and ISA2. D. Answer: C Section: (none) Explanation/Reference: .exe program to add each DNS entry to the Kerberos database. C. Reconfigure the array to use custom DNS entries for the Configuration Storage servers primary definition and alternate definition. B. You must not disable Network Load Balancing. What should you do? A. Both servers have the Configuration Storage server role installed.remote network. D. and then the ISA Server blocks all traffic for Server1. Add the new computer set to the Flood Mitigation IP Exceptions list. Disable the UDP bomb option in the Intrusion Detection settings. Reconfigure the array to use custom DNS entries for the Configuration Storage servers primary definition and alternate definition. The array contains two servers named ISA1 and ISA2. You enable integrated Network Load Balancing for the array. Run the Setspn. Both servers connect to each other by using dedicated network adapters named Adapter1 and Adapter2. Create a new computer set that includes the IP address of Server1. Answer: C Section: (none) Explanation/Reference: QUESTION 60 60. Define the operation mode of the Network Load Balancing cluster as Multicast. C. enable the Trusted for Delegation setting on ISA1 and on ISA2. In the Active Directory Users and Computers console. The security application successfully scans some computers on the remote network. B. Decrease the default value of the Maximum new non-TCP per minute per rule option that is defined in the Flood Mitigation parameters. Disable the Enable IP options filtering option in the IP Preferences settings. Add the UnicastInterHostCommSupport registry key to ISA1 and ISA2. What should you do? A.

The user account naming convention is Firstname. There are 1. One of the servers fails and some users report that they are unable to access an Internet-based application that uses a custom port. and filter by URL for values that contain the URL that Jack accessed. Update the Firewall Client settings on all users computers. C. Enable the Cache Array Routing Protocol (CARP) on the internal network. Filter by Client IP for values that equal the IP address of Jacks computer. You need to identify the ISA Server rule that allows Jack to access the blocked Web sites. A user named Jack Creasey reports that he is able to access the 10 blocked Web sites. Update the Firewall Client settings on all users computers. There is a URL set in ISA Server named Blocked Web Sites that contains the URLs of 10 Web sites. Publish the Internet-based application as a Web Server Farm. Answer: C Section: (none) Explanation/Reference: QUESTION 62 62. B. and filter by Protocol for values that equal HTTP.Creasey.QUESTION 61 61. All client computers are configured as SecureNAT clients. Filter by Rule for values that equal Blocked Web Sites. Enable Network Load Balancing on the internal network. What should you do? A. You need to ensure that all users can access the Internet-based application in the event that a single server fails. You create an Internet access rule that excludes access to the Blocked Web Sites URL set. All client computers have Firewall Client for ISA Server installed. Your network contains an ISA Server array that provides inbound and outbound firewall services. B.Lastname. You have an ISA Server array that contains two servers. D.000 users on the network. Filter by Client Username for values that contain Jack. What should you do in the ISA Server log? A. and filter by Transport for values that equal UDP. Enable Network Load Balancing on the external network. C. Filter by Client IP for values that equal the IP address of Jacks computer. and filter by Protocol for values that contain the URL that Jack accessed. The array provides Winsock Proxy access to the Internet. Answer: D Section: (none) Explanation/Reference: . D.

. The ISA Server provides forward Web Proxy services for all users. You need to create a report that lists the client operating systems that are most frequently used to connect to the ISA Server. Your network contains one ISA Server that provides Web proxy and cache capabilities. Security Summary Traffic and Utilization Web Usage Answer: D Section: (none) Explanation/Reference: QUESTION 64 64.QUESTION 63 63. Your network contains a single server that runs ISA Server 2006. Security Summary Traffic and Utilization Web Usage Answer: A Section: (none) Explanation/Reference: QUESTION 65 65. You have a server that runs ISA Server 2006. C. Which content should you include in your report? A. D. B. Which type of content should you include in the report? A. Disable the Stop selected services option of the Log Failure alert definition. The SQL database fails. C. Users report that they are unable to access the Internet. B. The ISA Server uses an SQL database server for the Firewall logs and the Web Proxy logs. You need to configure the ISA Server to ensure that Internet access is available in the event that the SQL database fails. What should you do? A. You need to create a report that shows which clients have the highest number of dropped packets. D. B. Disable the Audit: Shut down system immediately if unable to log security audits option in the local security policy.

Ensure that Encrypted File System (EFS) is disabled on the ISA Server. Create and disable a new cache rule that has HTTP caching set to Disabled. Increase the size of the Security event log and enable the Overwrite events as needed option. enable the Block high bit characters option of the HTTP policy. Include the new domain name set as the destination. Create a URL set named External Web Site and add http://www. The webmaster reports that when he updates content on the Web site the changes do not appear to take effect. D. Include the new URL set as the destination. no content will ever be cached option. C. On the HTTP tab. D.tailspintoys.tailspintoys. Create and disable a new cache rule that has HTTP caching set to Enabled. The array provides Internet access and Web caching. Create and enable a new cache rule that has HTTP caching set to Disabled. You need to prevent encrypted information from being cached on the ISA Server. Your company uses an extranet Web site.C.com. Create and enable a new cache rule that has HTTP caching set to Enabled. The Web page authoring tool indicates that the pages were updated successfully.com. Modify the Restart service after value in the Recovery tab of the Microsoft Firewall service.com. Create a URL set named External Web Site and add http://www. Include the new URL set as the destination.tailspintoys. You create a Web Publishing rule to provide user access to the extranet. What should you do? A. In the Store in Cache area. Create a URL set named External Web Site and add http://www. Your network contains a server that runs ISA Server 2006.tailspintoys. Create a domain name set named External Web Site and add www. What should you do? A. set the Set TTL of objects (% of the content age) option to 100%.com. select the Never. Your network contains an ISA Server 2006 array.com. You define a cache drive on the ISA Server. Answer: A Section: (none) Explanation/Reference: QUESTION 66 66. B. Include the new URL set as the destination. For the Web Publishing rule. A Web hosting company hosts your corporate Web site at www.tailspintoys. B. . You need to configure ISA Server to ensure that you can view recent changes to the content on the Web site. Answer: A Section: (none) Explanation/Reference: QUESTION 67 67. The Web Publishing rule uses SSL bridging.

Create a new URL set that includes www. In the cache rule. You must provide the maximum amount of storage space for the cache. disable the Cache SSL Responses option.com.cpandl.cpandl. The ISA Server provides Internet access.cpandl. one main hard disk drive. Increase the size of the cache drive.cpandl. Increase the Percentage of free memory to use for caching setting. In the cache rule. What should you do? A. B. Answer: C Section: (none) Explanation/Reference: QUESTION 69 69. Move the cache database to the new volume. A Web hosting company hosts your companys Web site at www. Create a cache rule for the new URL set. Configure the content download job to run daily. Configure the three spare hard disk drives as RAID5. disable the Cache objects even if they do not have an HTTP status code of 200 option.cpandl. Create a new URL set that includes www. In the cache rule. D. The ISA Server contains 4 GB of RAM.com.com. The Web browser on internal client computers uses www. Your network contains a server that runs ISA Server 2006. You want to achieve this goal while minimizing the usage of Internet bandwidth. For the advanced cache settings. disable the Cache SSL Responses option.C. Answer: D Section: (none) Explanation/Reference: QUESTION 68 68. The ISA Server also has Web caching enabled and uses the default settings for all other cache settings.com. D. The ISA Server provides forward Web caching for internal users. Create a cache rule for the new URL set. Create a cache rule for the new URL set.com. What should you do? A. Create a content download job to download content from www. and three spare hard disk drives. . You need to ensure that internal users can access www.com as the default home page. C. You need to configure the ISA Server to optimize the performance of the cache. decrease the TTL of objects value. Your network contains a server that runs ISA Server 2006. Create a URL set that includes the URL of the extranet.cpandl.

The Web site contains several large graphics. Create a URL set that includes the SharePoint portal URL. Decrease the Percentage of free memory to use for caching setting. Your network contains a server that runs ISA Server 2006. A Web cache database exists on the ISA Server. Enable the Block high bit characters option of the HTTP policy. Answer: C Section: (none) Explanation/Reference: QUESTION 70 70. You need to reduce the amount of time it takes users to access content on Portal1. Increase the Percentage of free memory to use for caching setting. In the cache rule. C. Move the cache database to the new volume. The Web site is accessible by using HTTP and HTTPS.com. disable the Cache SSL Responses option. Create a cache rule for the URL set. Users access an external Web site daily. Your network contains an ISA Server 2006 array.contoso. In the cache rule. D. Some users report that the Web site takes a long time to load. Your company uses a Microsoft Office SharePoint Server 2007 portal named Portal1. B. Create a cache rule for the URL set. Move the cache database to the new volume. . Increase the Percentage of free memory to use for caching option to 50%.B. D. C. enable the Caching of content received through the Background Intelligent Transfer Service (BITS) option. You define a cache drive on the ISA Server. The ISA Server has 4 GB of RAM. Users report that access to Portal1 is very slow. Create a URL set that includes the SharePoint portal URL. Move the cache database to the new volume. Decrease the Percentage of free memory to use for caching setting. Answer: B Section: (none) Explanation/Reference: QUESTION 71 71. Configure the three spare hard disk drives as RAID5. The array provides Internet access and Web caching services. You create a Web Publishing rule that allows users to access Portal1. What should you do? A. Configure the three spare hard disk drives as a stripe set. The domain name for the Web site is www. The Web cache database uses the default settings. Configure the three spare hard disk drives as a stripe set.

The ISA Server provides Internet access and is the default gateway for all computers on the network.exe program on the ISA Server. Create a new cache rule.exe.contoso. Restart the Microsoft Firewall service and then run Cachedir. The ISA Server is a member of an Active Directory domain. You install the Cachedir.com. Your company uses Web Proxy Automatic Discovery (WPAD) to configure the Web browsers proxy settings. B. What should you do? A. Users report that the external Web site www. You define a cache drive on the ISA Server. Install a valid SSL certificate in the machine certificate store of the ISA Server.com listed in the cache. D. C.You need to ensure that all users can access the Web site from the Web cache. Instruct the users to access the Web site by using the URL http://www. You create the following objects on the server: two user sets named Internet Users and Admin Internet Users a URL set named Blocked Sites that contains the URLs of Internet sites to which users should be blocked You need to configure the Firewall Policy rules on the ISA Server to meet the following requirements: Members of Internet Users must be able to access Internet Web sites. Restart the DNS Client service and then run dnstools. You run Cachedir.exe.com as obsolete in the cache. You cannot find www. Create a new cache rule.litwareinc. You need to mark www. D.exe on the ISA Server so that you can mark objects in the cache as obsolete. Enable the Cache SSL responses option.exe. except for the sites in the Blocked Sites .exe using the dump startup switch.litwareinc. Enable the Dynamic content option in the Store in Cache section.com contains outdated information. What should you do next? A. C. Run Cachedir. Your network contains a server that runs ISA Server. Answer: C Section: (none) Explanation/Reference: QUESTION 73 73. Answer: D Section: (none) Explanation/Reference: QUESTION 72 72.litwareinc. Close the ISA Server Management console and then run fwengmon. B. Your network contains a server that runs ISA Server 2006.

B. Rule 2: Allow HTTP. and FTP protocols from the Internal network to the External network. for the Internet Users user set. HTTPS. Configure the Web listener to use RADIUS OTP as the authentication method for validating client credentials. The ISA Server provides reverse proxy services. except for the Blocked Sites URL set. except for the Blocked Sites URL set. for the Internet Users user set. HTTPS. HTTPS.URL set. Rule 1: Allow HTTP. The Web server requires user authentication. Rule 1: Allow HTTP. Does not use Windows passwords for to remote access authentication. and the Admin Internet Users user set. You need to configure the ISA Server to provide access to the Web server. for the Internet Users user set. You create a Web listener. Rule 1: Allow HTTP. . and FTP protocols from the Internal network to the Blocked Sites URL set for the Admin Internet Users user set. HTTPS. Rule 2: Allow HTTP. Which set of access rules should you create? A. Rule 2: Allow HTTP. and the Admin Internet Users user set. Your network contains a server that runs ISA Server 2006. HTTPS. C. except for the Internet Users user set. HTTPS. D. Members of Admin Internet Users must be able to access all Internet Web sites. HTTPS. HTTP. except for the Blocked Sites URL set. Implements a two-factor authentication system for remote access to the Web server. and FTP protocols from the External network to the Internal network. HTTPS. How should you configure authentication for the Web listener and the Web publishing rule? A. Rule 2: Allow HTTP. and FTP protocols from the Internal network to the Blocked Sites URL set for the Admin Internet Users user set. You create a Web publishing rule that publishes the Web server. and FTP protocols from the Internal network to the External network. The network also contains a Web server that runs Internet Information Services (IIS). Configure the Web publishing rule to use NTLM authentication for authentication delegation. HTTPS. You want to achieve this goal while meeting the following requirements: Authenticates inbound traffic from applications that pass through the reverse proxy. and FTP protocols from the Internal network to the External network for the All Authenticated Users user set. Answer: B Section: (none) Explanation/Reference: QUESTION 74 74. and FTP protocols from the External network to the Internal network. for the Internet Users user set. and FTP protocols from the Internal network to the External network for the Admin Internet Users user set. Prompts users for authentication only once per session. except for the Blocked Sites URL set. and FTP must be available for all allowed sites. Rule 1: Allow HTTP.

Answer: B Section: (none) Explanation/Reference: QUESTION 75 75. Configure the Web publishing rule to use Basic authentication for authentication delegation. Configure the Web listener to use RADIUS OTP as the authentication method for validating client credentials. You select a certificate named isa2k6. Configure the Web listener to use Windows (Active Directory) as the authentication method for validating client credentials. Configure the Web listener to use Windows (Active Directory) as the authentication method for validating client credentials. (Click the Exhibit button. You create a new Web listener on the ISA Server. You configure the ISA Server to publish the Web site by using SSL bridging. Configure the Web publishing rule to use NTLM authentication for authentication delegation. You install a new Web server on your network. Configure the Web publishing rule to use Kerberos constrained delegation for authentication delegation.contoso.com from the list of available certificates. D.B. You receive the error message shown in the exhibit.) . The Web server hosts a Web site. C. Your network contains a single server that runs ISA Server 2006.

Import the isa2k6. What should you do next? A.contoso.You need to ensure that the certificate can be assigned to the new Web listener. Add the Certificates snap-in for the current user.com certificate into the Personal certificate store. Add the Certificates snap-in for the local computer. Import the Test Root certificate into the Trusted Root Certification Authorities certificate store. Answer: C Section: (none) Explanation/Reference: . Add the Certificates snap-in for the current user.contoso. Add the Certificates snap-in for the local computer. Import the isa2k6. C.com certificate into the Personal certificate store. Import the Test Root certificate into the Trusted Root Certification Authorities certificate store. B. You create a new console by using Microsoft Management Console (MMC). D.

B. Your network contains a server that runs ISA Server. Create a Web publishing rule that uses the new Web listener to forward traffic to the terminal server on port 3389. You have a terminal server on the internal network. To ensure redundancy. Configure the server publishing rule to forward traffic to the IP address of the terminal server and select Requests appear to come from the original client option. B. You need to allow users to access their e-mail remotely. D. select the Outlook (RPC) service.QUESTION 76 76. Create a server publishing rule that is bound to the external virtual IP address that uses the RDP (Terminal Services) Server protocol definition. . Create a Web listener that is bound to all external IP addresses that use SSL on port 443. the array contains two member servers. Users access their e-mail by using Microsoft Office Outlook 2007. select the Outlook Web Access service From the Exchange Publishing Rule Wizard. select the Outlook Anywhere (RPC/HTTP(s)) service Answer: D Section: (none) Explanation/Reference: QUESTION 77 77. C. Answer: D Section: (none) Explanation/Reference: QUESTION 78 78. Create a server publishing rule that is bound to the external virtual IP address that uses the RDP (Terminal Services) Server protocol definition. You need to configure the array to provide remote access to the terminal server. The array has Network Load Balancing configured on the external network only. From the Mail Server Publishing Rule Wizard. Your network contains an ISA Server Enterprise Edition array. From the Exchange Publishing Rule Wizard. From the Exchange Publishing Rule Wizard. select the ActiveSync service. Configure the server publishing rule to forward traffic to the IP address of the terminal server and select Requests appear to come from the ISA Server computer option. D. You install a certificate on the terminal server and configure the terminal server to use Secure Sockets Layer (SSL) as the security layer. The array provides publishing and reverse proxy services. The ISA Server is configured as a firewall and as a VPN gateway. Your solution must minimize the number of ports that are opened. Create a Web listener that is bound to the external virtual IP address that uses SSL on port 3389. What should you do? A. Create a Web publishing rule that uses the new Web listener to forward traffic to the terminal server on port 3389. Your network contains a server that runs ISA Server 2006. Your company uses Microsoft Exchange Server 2007 for e-mail. C. What should you do? A.

Assign IP addresses by using DHCP. SSL-to-SSL bridging publishing rule for PPTP site-to-site VPN that uses IPsec tunnel mode site-to-site VPN that uses L2TP/IPsec and Kerberos Answer: C Section: (none) Explanation/Reference: QUESTION 79 79. Contoso.) A. Assign IP addresses by using a static address pool. Answer: BD Section: (none) Explanation/Reference: QUESTION 80 80. Enable the L2TP/IPsec protocol. Your network has an ISA Server Enterprise Edition array that contains two servers. You plan to implement two-factor authentication for VPN access. Assign IP addresses by using a static address pool. C.Your company.. What should you recommend? A. Enable the PPTP protocol. D. You need to configure the array to provide VPN gateway services for remote client connections. Unencrypted password (PAP) B. Assign IP addresses by using DHCP. You need to recommend a solution that provides TCP/IP connectivity between the two networks. What are two possible ways to configure the array using the ISA Server management console? (Each correct answer provides a complete solution. Enable VPN Client Access. Users from both networks must be able to access resources on both networks. C. acquires Adventure Works. Your company has employees who require remote access to the network. B. Encrypted authentication (MS-CHAP) . The array provides firewall services and Web proxy services. Choose two. B. Ltd. Enable the PPTP protocol. Enable VPN Client Access. Enable the L2TP/IPsec protocol. Which authentication method should you choose? A. Enable VPN Client Access. Your network contains a VPN server that runs ISA Server 2006. Enable VPN Client Access. You need to identify the authentication protocol that will support your planned implementation. D. Adventure Works uses a third-party firewall and VPN solution.

You need to configure the server publishing rule to meet the security requirements. C.Create a new access rule that has only HTTP and HTTPS as the allowed protocols. which employees use to access and manage their benefits. Configure HTTP filtering and add signatures for instant messaging applications. Extensible authentication protocol (EAP) with smart card or other certificate Answer: D Section: (none) Explanation/Reference: QUESTION 81 You are the network administrator for your company. Security requirements dictate that employees must not be able to access the HR Web site from an untrusted client computer. Create a new access rule that denies all instant messaging protocols to the computer set you defined. D. D.Create a new access rule that has only HTTP and HTTPS as the allowed protocols. What should you do? A. The companys written security policy states that all HTTP traffic must go through ISA1.Unbind the HTTP filter from the HTTP protocol definition. Create a new access rule that denies all instant messaging protocols. The HR Web site has its own Windows Server 2003 Web server and its own server publishing rule on ISA1. all instant messaging traffic was allowed. Which network object should you enable? A. You need to configure ISA1 to block all instant messaging traffic and all other non-Web traffic.C. Configure HTTP filtering and add signatures for instant messaging applications. which was recently installed. Create a computer set definition for instant messaging servers on the Internet. B. Microsoft encrypted authentication version 2 (MS-CHAPv2) D. All client computers are configured as SecureNAT clients. Answer: A Section: (none) Explanation/Reference: . Delete all current access rules. The network contains an ISA Server 2004 computer named ISA1. External Local Host Quarantined VPN Clients All Protected Networks Answer: D Section: (none) Explanation/Reference: QUESTION 82 You are the administrator of an ISA Server 2004 computer named ISA1. The companys new written security policy states that only Web-based traffic will be permitted through the ISA Server. In the past. Create a new access rule that has only HTTP and HTTPS as the allowed protocols. ISA1 is connected to the Internet. The human resources (HR) department creates a new HR Web site. B. Create a new access rule that has only HTTP and HTTPS as the allowed protocols. C.

Users in the marketing department also want access to resources on the Internet. D. ISA1 is configured to allow users in the sales department access to resources on the Internet. On ISA1. The network contains an ISA Server 2004 computer named ISA1. Answer: B Section: (none) Explanation/Reference: QUESTION 84 You are a network administrator for your company. B. . ensure that the Allowed sites configuration group is enabled and add the URL of the virus update Web site to the System Policy Allowed Sites domain name set. create a new HTTP access rule that includes the VirusUpdates URL set. On ISA1. The network contains two ISA Server 2004 computers named ISA1 and ISA2. ISA1 is located in the main office and connects to the Internet. You add a new network and computers for the marketing department. Create a new domain name set named VirusUpdates that includes the URLs for the virus update Web site and the Windows Update Web site.QUESTION 83 You are the network administrator for your company. What should you do? A. You install the Firewall Client and configure the Web Proxy client on all computers in the new network. C. create a new HTTP access rule from the Internal network to the VirusUpdates domain name set. All client computers can update virus definitions from the virus update Web site. You need to ensure that ISA1 can connect to the virus update Web site and the Windows Update Web site. On ISA2. You discover that ISA1 cannot connect to the virus update Web site or the Windows Update Web site. Create a new URL set named VirusUpdates that includes the URLs for the virus update Web site and the Windows Update Web site. All client computers run Windows XP Professional. The firewall policy on ISA1 is configured as shown in the exhibit. ISA2 is located in the branch office and connects to the main office over a dedicated WAN link. ensure that the Schedule Download Jobs configuration group is enabled and create a computer set that has the IP addresses of both the virus update Web site and the Windows Update Web site. On ISA1. The company has a main office and one branch office. ISA2 can connect to the virus update Web site and the Windows Update Web site.

add a static route for the 192.168.com.1 as the default gateway. You must allow employees to access both the HR Web site and the Sales Web site from the Internet. A listener named DefaultHTTP is also configured to listen for requests on port 80 on the external interface. D.com. Inc. What should you do? A. C. add the address range for the Marketing subnet to the internal network list. .The companys network is configured as shown in the exhibit. The network contains an ISA Server 2004 computer named ISA1. ISA1 is configured to allow outbound Internet access. You verify that users in the sales department and the internal servers can still access resources on the Internet.com.1 network. On ISA1. Inc.2. The HR Web site is stored on a Web server named Web1. Web site by using the URL http://www.litwareinc. Configure the marketing computers to use 192. Configure the DNS settings of the marketing computers to use a DNS server that can resolve Internet names. You need to ensure that users in the marketing department can access resources on the Internet. B.168. Users in the marketing department report that they cannot access resources on the Internet..litwareinc. Employees access the Litware. The Sales Web site is stored on a Web server named Sales1. The Internal network contains two Web sites named HR and Sales. Answer: B Section: (none) Explanation/Reference: QUESTION 85 You are a network administrator for Litware.0.litwareinc. On ISA1. which are used by employees.

Answer: D Section: (none) Explanation/Reference: QUESTION 86 You are the network administrator for your company. C.com. Configure each rule to forward to a different internal Web server.com. which employees use to access and manage their benefits. Create one Web publishing rule by using the path /HR/* and redirect to Web1. Create one Web publishing rule by using the path /Sales/* and redirect to Web1.com Configure each rule to use the DefaultHTTP listener.com Configure each rule to use the DefaultHTTP listener.litwareinc. You need to configure the server publishing rule to meet the security requirements. What should you do? A.com/hr. Create two server publishing rules. Create one Web publishing rule by using the path /Sales/* and redirect to Sales1.litwareinc. Configure one of the Web servers to listen for HTTP requests on port 8080. You must also ensure that employees can access the Sales Web site by using the URL http://www. Create the other rule to use the DefaultHTTP listener. The network contains an ISA Server 2004 computer named ISA1. D. A. com/sales. The companys written security policy states that all HTTP traffic must go through ISA1. B. Create one of the rules to respond to requests on port 8080. D. Create two server publishing rules. C. B. External Local Host Quarantined VPN Clients All Protected Networks Answer: D Section: (none) Explanation/Reference: . and configure this rule to forward to the other internal Web server. Configure each internal Web server to listen for HTTP requests on an unused port.litwareinc.litwareinc. The human resources (HR) department creates a new HR Web site. The HR Web site has its own Windows Server 2003 Web server and its own server publishing rule on ISA1. Create one Web publishing rule by using the path /HR/* and redirect to Sales1.litwareinc.You must ensure that employees can access the HR Web site by using the URL http://www.litwareinc. Security requirements dictate that employees must not be able to access the HR Web site from an untrusted client computer. and configure this rule to forward requests to one internal Web server. which was recently installed.

You must publish this Web site while adhering to the companys security policy. B. What should you do? A. Configure an HTTP server publishing rule. ISA1 and ISA2 are members of a single enterprise array. You discover that physical disk usage is extremely high on ISA1 and Web1. The companys new. enable and configure Link Translation. ISA1 and ISA2 are each configured with a RAID-5 volume. B. You enable a cache drive on ISA1. A Web server named Web1 resides in the perimeter network. Configure an HTTP server publishing rule. Answer: D Section: (none) . Your network contains a single ISA Server 2006 computer named ISA1. The network contains two ISA Server 2004 computers named ISA1 and ISA2. C. increase the size of the cache drive. Create a Web publishing rule. Configure the rule so that requests sent to the published server forward the URLs so that they appear to come from ISA1. configure a cache drive. increase the HTTP caching Time to Live (TTL) setting to 50. What should you do? A. written security policy states that internal computer names must not be published or accessible via the Internet. You need to configure ISA Server 2004 to allow faster access to Web1. On ISA1. C. On the rule. On ISA2.QUESTION 87 You are the network administrator for your company. You need to publish a new Web site that has many internal computer names within the Web site. ISA1 is configured as the Enterprise Configuration Storage server. D. Users report that access to Web1 is very slow. Configure the rule so that requests sent to the published server forward the URLs so that they appear to come from the original client computer. enable and configure HTTP bridging. On ISA1. Create a Web publishing rule. You enable Cache Array Routing Protocol (CARP) on the Internal network on ISA1 and ISA2. On the rule. You publish an internal Web site on the array. Answer: D Section: (none) Explanation/Reference: QUESTION 88 16. D. enable a content download job for the Web sites on Web 1 On ISA2. You publish an external Web site on Web1.

Copy the Firewall Client software installation files to an intranet Web server. You install a new Web server on your network. You receive the error message shown in the exhibit. All client computers are joined to the domain. The server is configured as a firewall and as a Web proxy. Give users a shortcut to the shared folder. The Web server hosts a Web site. B. You create a new Web listener on the ISA Server. Your network contains a single server that runs ISA Server 2006. Install the Firewall Client software from the \Mspclnt shared folder on the ISA Server 2006 server to the desktop client computers. You must achieve this goal by using the minimum amount of administrative effort.contoso. Log on to each desktop client computer as an administrator. Copy the Firewall Client software installation files to a file server and share the folder as MSPCLNT. The internal network is configured to accept Web Proxy connections and Firewall client connections. Copy the Firewall Client software installation files to a file server and share the folder as MSPCLNT.com from the list of available certificates. You have a single server that runs ISA Server 2006. What should you do? A.Explanation/Reference: QUESTION 89 47. Answer: B Section: (none) Explanation/Reference: QUESTION 90 75. You need to deploy Firewall Client for ISA Server to all the desktop client computers. The network contains 300 desktop client computers. Add an entry in the network logon script to run a silent install of the Firewall Client software from the Web server to all the desktop client computers. (Click the Exhibit button.) . D. C. You configure the ISA Server to publish the Web site by using SSL bridging. Assign the Firewall Client software to all desktop client computers by using a Group Policy object (GPO). You select a certificate named isa2k6. Users only have user level privileges on their computers. Your network consists of a single Active Directory domain.

Import the isa2k6. What should you do next? A. D. Import the Test Root certificate into the Trusted Root Certification Authorities certificate store. You create a new console by using Microsoft Management Console (MMC).com certificate into the Personal certificate store. Add the Certificates snap-in for the current user. Answer: C Section: (none) Explanation/Reference: . Import the isa2k6. C. B.You need to ensure that the certificate can be assigned to the new Web listener. Add the Certificates snap-in for the local computer.contoso.com certificate into the Personal certificate store. Import the Test Root certificate into the Trusted Root Certification Authorities certificate store.contoso. Add the Certificates snap-in for the local computer. Add the Certificates snap-in for the current user.

Answer: C Section: (none) . On ISA1. On ISA1. D. Security requirements dictate that employees must not be able to access the HR Web site from an untrusted client computer. The network contains an ISA Server 2004 computer named ISA1. create a computer set that contains the marketing computers. Which network object should you enable? A. which employees use to access and manage their benefits. The companys written security policy states that all HTTP traffic must go through ISA1. B. Your network contains a single ISA Server 2006 computer. The companys written security policy states that the ISA Server logs must record the user name for all outbound Internet access. B.QUESTION 91 You are the network administrator for your company. which was recently installed. The human resources (HR) department creates a new HR Web site. The HR Web site has its own Windows Server 2003 Web server and its own server publishing rule on ISA1. You need to ensure that the marketing department users can connect to the external mail server. Configure the marketing computers with the IP address of a DNS server that can resolve external names to IP addresses. The marketing department users configure Microsoft Outlook to connect to the external mail server. External Local Host Quarantined VPN Clients All Protected Networks Answer: D Section: (none) Explanation/Reference: QUESTION 92 5. Users in the marketing department require access to an external POP3 and SMTP mail server so that they can use an alternate e-mail address when they sign up for subscriptions on competitors Web sites. Configure the marketing computers with a default gateway address that corresponds to the IP address of ISA1 on the Internal network. You need to configure the server publishing rule to meet the security requirements. which is named ISA1. C. ISA1 provides access to the Internet for computers on the Internal network. They report that they receive error messages when they attempt to read or send e-mail from the external mail server. enable Outlook in the Firewall client settings. C. What should you do? A. You examine the ISA1 logs and discover that ISA1 denies POP3 and SMTP connections from the client computers. D. You create and apply an ISA Server access rule as shown in the following display. All client computers are configured with the Firewall client and the Web Proxy client and are not configured with a default gateway. which consists of a single subnet.

What should you do? A. You need to configure the ISA Server to ensure that Internet access is available in the event that the SQL database fails. C. C. B. The network contains two ISA Server 2004 computers . You create an access rule on ISA1 that allows all users access to all protocols on the External network. Configure all network computers as Web Proxy clients. Disable the Audit: Shut down system immediately if unable to log security audits option in the local security policy. You have a server that runs ISA Server 2006. Answer: A Section: (none) Explanation/Reference: QUESTION 94 65. You need to ensure that the URLs of Web sites visited by company users are displayed in the ISA1 log files.Explanation/Reference: QUESTION 93 40. Configure ISA1 to require authentication for Web requests. The ISA Server provides forward Web Proxy services for all users. What should you do? A. You view the Firewall log and the Web Proxy filter log on ISA1 and notice that the URLs of Web sites visited by company users are not displayed. Users report that they are unable to access the Internet. The ISA Server uses an SQL database server for the Firewall logs and the Web Proxy logs. B. The SQL database fails. D. ISA1 provides Internet access for all users on the companys network. Your network contains an ISA Server 2006 computer named ISA1. Answer: A Section: (none) Explanation/Reference: QUESTION 95 You are the network administrator for your company. Disable the Stop selected services option of the Log Failure alert definition. D. Configure ISA1 to require authentication for all protocols. Modify the Restart service after value in the Recovery tab of the Microsoft Firewall service.All computers on the network are configured as SecureNAT clients. Configure all network computers as Firewall clients. Increase the size of the Security event log and enable the Overwrite events as needed option.

C. You enable a cache drive on ISA1.named ISA1 and ISA2. On ISA1. Answer: D Section: (none) Explanation/Reference: . You enable Cache Array Routing Protocol (CARP) on the Internal network on ISA1 and ISA2. On ISA1. enable a content download job for the Web sites on Web 1 On ISA2. ISA1 and ISA2 are each configured with a RAID-5 volume. Users report that access to Web1 is very slow. D. increase the size of the cache drive. What should you do? A. ISA1 is configured as the Enterprise Configuration Storage server. ISA1 and ISA2 are members of a single enterprise array. A Web server named Web1 resides in the perimeter network. configure a cache drive. You discover that physical disk usage is extremely high on ISA1 and Web1. You need to configure ISA Server 2004 to allow faster access to Web1. You publish an external Web site on Web1. increase the HTTP caching Time to Live (TTL) setting to 50. B. You publish an internal Web site on the array. On ISA2.