You work as the network administrator for citycentral.com. You have recently
received instruction to start designing an authentication strategy that will be used to
strengthen the current network security. The solution you are designing must
ensure you meet the requirements of City Central Utilities.
What should you do? (Each correct answer represents a part of the solution. Choose
TWO.)
A. Configure all computers in the Finance department to use PEAP authentication.
B. Issue smart cards and smart card readers to all users and computers.
C. Install user certificates on all computers.
Leading the way in IT testing and certification tools, www.certifyme.com
- 16 -
D. Configure the domain to require smart cards during logon for all users.
E. Configure the domain to respond to requests for IPSec encryption.
F. Configure the domain to require NTLMv2 authentication.
Answer: B, D
Explanation: Following are the relevant information regarding an authentication
strategy for the tightening of network security as described in the case study:
1. In response to this City Central Utilities wants the network design to be modified to
increase the security and resolve the issues specified in the audit.350-001 City Central Utilities
also wants any configurations to be centrally defined and applied to the network domain
controllers and network server as well as client computers when possible.
Smart cards provide a secure method of logging on to a Windows Server 2003 domain. It
is a credit-card-sized device that is used to securely store public and private keys,
passwords, and other types of personal information.640-802 To use a smart card, you need a
smart card reader attached to the computer and a personal identification number (PIN) for
the smart card. In Windows Server 2003, you can use smart cards to enable
certificate-based authentication and SSO to the enterprise.
The smart cards "force" the employee to use the asymmetric key and a PIN to
authenticate.
Making use of smart cards and smart card readers and configuring the domain to require
smart cards during logon implementing two-factor authentication as is required in the
case study.
Incorrect answers:
A: Protected EAP authentication doesn't provide any authentication itself.VCP-310 Instead, it
relies on external third-party authentication methods that you can retrofit to your existing
servers. This is not what is required.
C: Making use of user certificates is not going to enforce two-factor authentication.
E: Configuring all computers to respond to requests for IPSec encryption is not going to
enforce two-factor authentication.
F: Depending on the operating system in use, the clients might not be able to use the
NTLM v2 authentication protocol. If they cannot and there is an account on the secured
server that the down-level client needs to access, it will be unable to do so.
Reference:
Elias N. Khnaser, Susan Snedak, Chris Peiris and Rob Amini, MCSE Designing Security
for a Windows Server 2003 Network Exam 70-298 Study Guide, Chapter 2, p. 74
Leading the way in IT testing and certification tools, www.certifyme.com
- 17 -
Deborah Littlejohn Shinder, Dr. Thomas W. Shinder, Laura E. Hunter & Will Schmied,
MCSA/MCSE: Exam 70-290: Managing and Maintaining a Windows Server 2003
Environment Study Guide & DVD Training System
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment