JPR-934 Security, Expert (JNCIE-SEC) - Practice Questions

Question 4

The ABC.com network consists of a single Active Directory domain named ABC.com. ABC.com has its headquarters in Chicago and several branch offices at various locations throughout the country. All servers on the ABC.com network run Windows Server.

You are in the process of configuring a VPN connection between the Chicago office and a branch office in Dallas using Windows Server computers running Routing and Remote Access (RRAS).

A ABC.com written security policy states that the requirements below must be met:

• Data transmitted over the VPN must be encrypted with end to end encryption.

• The VPN connection authentication should be at the computer level rather than at user level and with no credential information transmitted over the internet.How should you configure the VPN? (Choose two.)

Select all that apply, then click Submit answer.

○
Use a PPTP connection.
○
Use EAP-TLS authentication.
○
Use a PPP connection.
○
Use MS-CHAP v2 authentication.
○
Use MS-CHAP authentication.
○
Use PAP authentication.
○
Use an L2TP/IPSec connection.

Question 5

You are one of the administrators for your company's Windows Server network. The relevant portion of the network is presented in the following exhibit.

All servers, client computers and one network print device are currently configured with static IP addresses. The network IP address is 200.10.29.0. A DHCP server has been deployed but has not yet been configured. You must configure a new scope that will provide the existing client computers with IP configurations. The new scope should support an additional 25 new client computers that will be deployed within the next two months.

Which settings should be included in the new DHCP scope? Each correct answer presents part of the solution. (Choose three.)

Select all that apply, then click Submit answer.

○
subnet mask: 255.255.255.0
○
subnet mask: 255.255.255.128
○
DHCP scope starting IP address: 200.10.29.7 DHCP scope ending IP address: 200.10.29.254
○
DHCP scope starting IP address: 200.10.29.1 DHCP scope ending IP address: 200.10.29.254
○
DHCP scope exclusion range starting IP address: 200.10.29.1 DHCP scope exclusion range ending IP address: 200.10.29.6
○
DHCP scope exclusion range starting IP address: 200.10.29.1
DHCP scope exclusion range ending IP address: 200.10.29.254

Question 6

The company consists of an Active Directory domain called ABC.com. All servers on the corporate network run Windows Server.

The network contains a server that runs Internet Authentication Service (IAS) called ABC-SR01. ABC-SR01also runs the Routing and Remote Access service to provide VPN access to the network for external users. During routine monitoring you discover that an external unauthorized user is trying to access the network through ABC-SR01.

How would you set up ABC-SR01 to log the IP addresses of the remote computers when they attempt to connect to the network using the VPN connection?

Select an option, then click Submit answer.

○
Log the details of the access attempts by the VPN users by using IAS to configure the Authentication requests option enabled in the Remote Access Logging.
○
Log the details of the access attempts by the VPN users by configuring the Routing and Remote Access service to log all IPSec connections.
○
Log the details of the access attempts by the VPN users by enabling auditing of TCP/IP.sys.
○
Log the details of the access attempts by the VPN users by enabling auditing of all Account Logon events on a domain controller.

JPR-934 – Security, Expert (JNCIE-SEC)