Microsoft Exam 070-227
Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server.
For reference, you can read this book:
MCSE Training Kit: Microsoft Internet Security and Acceleration Server 2000. from Microsoft Press.
Here is Chapter and Appendix Overview:
This self-paced training course combines notes, hands-on procedures, multimedia presentations, and review questions to teach you how to install, configure, and implement Microsoft Internet Security and Acceleration Server 2000. It is designed to be completed from beginning to end, but you can choose a customized track and complete only the sections that interest you. (See the next section, "Finding the Best Starting Point For You" for more information.) If you choose the customized track option, see the "Before You Begin" section in each chapter. Any hands-on procedures that require preliminary work from preceding chapters refer to the appropriate chapters.
The book is divided into the following chapters:
The "About This Book" section contains a self-paced training overview and introduces the components of this training. Read this section thoroughly to get the greatest educational value from this self-paced training and to plan which lessons you will complete.
Chapter 1, "Introduction to Microsoft Internet Security and Acceleration Server 2000," provides an overview of the features and benefits of ISA Server.
Chapter 2, "Installing Microsoft Internet Security and Acceleration Server 2000," teaches you how to perform an ISA Server installation, including the process of planning for an installation and migrating from Proxy Server 2.0.
Chapter 3, "Configuring Secure Internet Access," teaches you how to establish secure Internet access for ISA Server clients. This includes installing and configuring clients as Firewall clients and SecureNAT clients, configuring automatic discovery, configuring Internet access through a dial-up connection, and troubleshooting Internet connectivity.
Chapter 4, "Configuring Internet Security through Access Policies," explains how to create a customized and secure Internet access policy. This chapter teaches you how to create policy elements such as schedules and destination sets that you may later use in site and content rules or in protocol rules. It also shows you how to create these rules so that you can control network traffic to and from your network. The chapter then includes a lesson describing ISA Server's packet filtering feature and how to configure packet filters suited to your network needs. Finally, the chapter explains how to configure intrusion detection in ISA Server so that you will know when someone has launched an attack against your network.
Chapter 5, "Configuring Internet Acceleration through the ISA Server Cache," teaches you how to use ISA Server as a means to accelerate Internet connectivity for server clients. This includes configuring cache properties, active caching, and scheduled content downloads.
Chapter 6, "Secure Server Publishing," teaches you how to publish servers on the Internet securely behind ISA Server. This includes publishing Web servers, mail servers, and other Internet servers (such as FTP servers).
Chapter 7, "Securing Enterprise Networks with ISA Server," teaches you how to deploy ISA Server in more complex enterprise networks, including those that require the use of virtual private networks and of a centralized, multi-tiered policy.
Chapter 8, "Secure Videoconferencing with H.323 Gatekeeper," teaches you how to deploy videoconferencing in an ISA Server network. This chapter describes how to use ISA Server's H.323 Gatekeeper as a central switch for videoconferencing calls, and how to use rules to route calls to aliases.
Chapter 9, "Monitoring and Optimizing ISA Server Performance," teaches you how to use various tools in ISA Server to monitor and optimize ISA Server behavior. This includes configuring alerts, using ISA Server logs and reports, configuring bandwidth rules, and using ISA Server Performance Monitor counters.
Chapter 10, "Troubleshooting ISA Server," introduces you to the many tools and strategies that you can use to troubleshoot problems in ISA Server behavior.
Appendix A, "Questions and Answers," lists all of the review questions from the book showing the page number where the question appears and the suggested answer.
Appendix B, "Deploying and Administering ISA Server in a Complex Network," walks you through several hypothetical installations of Microsoft Internet Security and Acceleration Server 2000 (ISA Server) Enterprise Edition to test your understanding of and ability to troubleshoot the product. Because the exam is based on both knowledge of the software and real-world experience, we strongly recommend that you study this appendix before taking MCP exam 70-227.
Appendix C, "Event Messages," is a reference used to aid troubleshooting in ISA Server. It presents the full list of Event Messages in ISA Server, along with a description of the probable cause and action necessary to remedy problems, if necessary.
A Glossary of terms related to firewalls and ISA Server is also included as a means to help you become familiar with these topics.
Sample Question and Answer (Q&A) for exam 70-227:
QUESTION 1
You are the new network administrator for Certkiller . The network includes an ISA Server computer named Certkiller 1. Certkiller 1 was configured by a previous administrator. Certkiller 1 functions as a firewall between the Certkiller network and the Internet. During a routine audit of Certkiller 1's log files, you discover that several non-standard services are installed and configured to start automatically. Your manager tells you that the previous administrator installed additional services on Certkiller 1 for monitoring and reporting purposes. Your manager wants Certkiller 1 to function only as a firewall. You want to ensure that no additional services on Certkiller 1 are opening ports on Certkiller 1. You do not want to change the status of any built-in services.
What should you do?
A. Run the nbtstat - an command. Disable any of the additional services that are listed as Registered.
B. Run the netstat -an command. Disable all services that are listening on authorized ports.
C. Run the ISA Server Security Wizard to set the system security level of Certkiller 1 to Secure.
D. Run the ISA Server Security Wizard to set the system security level of Certkiller 1 to Limited Services.
Answer: D
QUESTION 2
Certkiller network consists of a single Microsoft Windows 2000 site. It includes an ISA server enterprise array consisting of a single computer named ISA1. You install ISA server on a new computer, which you name ISA2. You decide to add ISA2 to the array on a different subnet in the same Windows 2000 site. ISA2 successfully joins the enterprise array, and the setup log file indicates that the setup was successful. Your SecureNAT and firewall client computers are still capable of accessing Internet resources through the default enterprise policies of ISA1. However, these computers cannot access Internet resources through ISA2. You must enable ISA2 to provide access to Internet resources.
What should you do?
A. Create a custom enterprise policy setting for ISA2. Enable outbound client access through the new policy.
B. Disable array-level access rules that restrict your enterprise policies.
C. Delete the ISA installation directory. Run the installation again.
D. Edit the local address table to ensure that it contains only address ranges from Certkiller network.
Answer: D
QUESTION 3
You are the administrator of Certkiller network, which includes a main office and a branch office. The branch office connects to the Internet through a Microsoft Proxy server 2.0 computer named Prx2. Prx2 is chained to another Proxy server 2.0 computer named Prx1, which is located in the main office. You upgrade Prx1 to ISA server. Now, users in both offices report that they cannot browse the Internet. You need to enable users in both offices to browse the Internet. Your
solution must involve the least possible administrative effort.
What should you do?
A. Configure your internal DNS server with a host record that points to a WSPAD.DAT file.
B. Configure your DHCP server to inform client computers of the location of a WPAD.DAT file.
C. Configure Prx1 to listen for outbound web requests on TCP Port 80.
D. Configure Prx1 to provide an automatic configuration script to Web browsers on your network
Answer: C
QUESTION 4
You are the administrator for Certkiller 's network. The network consists of a single Microsoft Windows 2000 domain named Certkiller .com. The domain contains all the user accounts. Certkiller uses an ISA Server computer to control Internet access. The ISA Server computer is a member of the domain and its not a member of an array. Users on the network use different CERN-compliant Web browsers to connect to Web sites on the Internet. The Web browsers are configured to use the ISA Server computer as a proxy server. Certkiller policy states that the ISA Server computer log files must include information about which users access which Web sites. You configure a protocol rule that allows outgoing Web requests. The rule applies to the Domain Users group. The outgoing Web requests properties of the ISA Server computer are configured to ask unauthenticated users for identification. You receive reports that some users are not able to access the Internet, while other users have no difficulty accessing the Internet. You do not want to install new Web browsers on the client computers. What should you do?
A. Change the protocol rule that allows outgoing Web requests to apply to any requests.
B. Disable the option to ask unauthenticated users for identification for outgoing Web requests.
C. Enable the option to configure listeners per individual IP address for outgoing Web requests.
D. Change the listener configuration to enable Basic authentication for outgoing Web requests.
Answer: D
QUESTION 5
You are the administrator for Certkiller 's ISA Server computers. The network contains Microsoft Windows 2000 Professional client computers and Windows 2000 Server computers. The ISA Server computers are used to control Internet access. Users on the internal network access video streams and high quality audio streams from the Internet. Certkiller policy states that the ISA Server computers must be configured to be as secure as possible, as long as Internet access is not affected. You secure the ISA Server computers by changing several of the configuration options for IP packet filters. However, users now report that they can no longer access video streams and high quality audio streams from the Internet.
What should you do?
A. Select the Enable IP routing option.
B. Clear the Enable filtering of IP fragments option.
C. Clear the Enable filtering IP options option.
D. Enable the ICMP source quence IP packet filter.
E. Enable the ICMP ping response (in) IP packet filter.
Answer: B
Multimedia is receiving in blocks = fragmented.
Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server.
For reference, you can read this book:
MCSE Training Kit: Microsoft Internet Security and Acceleration Server 2000. from Microsoft Press.
Here is Chapter and Appendix Overview:
This self-paced training course combines notes, hands-on procedures, multimedia presentations, and review questions to teach you how to install, configure, and implement Microsoft Internet Security and Acceleration Server 2000. It is designed to be completed from beginning to end, but you can choose a customized track and complete only the sections that interest you. (See the next section, "Finding the Best Starting Point For You" for more information.) If you choose the customized track option, see the "Before You Begin" section in each chapter. Any hands-on procedures that require preliminary work from preceding chapters refer to the appropriate chapters.
The book is divided into the following chapters:
The "About This Book" section contains a self-paced training overview and introduces the components of this training. Read this section thoroughly to get the greatest educational value from this self-paced training and to plan which lessons you will complete.
Chapter 1, "Introduction to Microsoft Internet Security and Acceleration Server 2000," provides an overview of the features and benefits of ISA Server.
Chapter 2, "Installing Microsoft Internet Security and Acceleration Server 2000," teaches you how to perform an ISA Server installation, including the process of planning for an installation and migrating from Proxy Server 2.0.
Chapter 3, "Configuring Secure Internet Access," teaches you how to establish secure Internet access for ISA Server clients. This includes installing and configuring clients as Firewall clients and SecureNAT clients, configuring automatic discovery, configuring Internet access through a dial-up connection, and troubleshooting Internet connectivity.
Chapter 4, "Configuring Internet Security through Access Policies," explains how to create a customized and secure Internet access policy. This chapter teaches you how to create policy elements such as schedules and destination sets that you may later use in site and content rules or in protocol rules. It also shows you how to create these rules so that you can control network traffic to and from your network. The chapter then includes a lesson describing ISA Server's packet filtering feature and how to configure packet filters suited to your network needs. Finally, the chapter explains how to configure intrusion detection in ISA Server so that you will know when someone has launched an attack against your network.
Chapter 5, "Configuring Internet Acceleration through the ISA Server Cache," teaches you how to use ISA Server as a means to accelerate Internet connectivity for server clients. This includes configuring cache properties, active caching, and scheduled content downloads.
Chapter 6, "Secure Server Publishing," teaches you how to publish servers on the Internet securely behind ISA Server. This includes publishing Web servers, mail servers, and other Internet servers (such as FTP servers).
Chapter 7, "Securing Enterprise Networks with ISA Server," teaches you how to deploy ISA Server in more complex enterprise networks, including those that require the use of virtual private networks and of a centralized, multi-tiered policy.
Chapter 8, "Secure Videoconferencing with H.323 Gatekeeper," teaches you how to deploy videoconferencing in an ISA Server network. This chapter describes how to use ISA Server's H.323 Gatekeeper as a central switch for videoconferencing calls, and how to use rules to route calls to aliases.
Chapter 9, "Monitoring and Optimizing ISA Server Performance," teaches you how to use various tools in ISA Server to monitor and optimize ISA Server behavior. This includes configuring alerts, using ISA Server logs and reports, configuring bandwidth rules, and using ISA Server Performance Monitor counters.
Chapter 10, "Troubleshooting ISA Server," introduces you to the many tools and strategies that you can use to troubleshoot problems in ISA Server behavior.
Appendix A, "Questions and Answers," lists all of the review questions from the book showing the page number where the question appears and the suggested answer.
Appendix B, "Deploying and Administering ISA Server in a Complex Network," walks you through several hypothetical installations of Microsoft Internet Security and Acceleration Server 2000 (ISA Server) Enterprise Edition to test your understanding of and ability to troubleshoot the product. Because the exam is based on both knowledge of the software and real-world experience, we strongly recommend that you study this appendix before taking MCP exam 70-227.
Appendix C, "Event Messages," is a reference used to aid troubleshooting in ISA Server. It presents the full list of Event Messages in ISA Server, along with a description of the probable cause and action necessary to remedy problems, if necessary.
A Glossary of terms related to firewalls and ISA Server is also included as a means to help you become familiar with these topics.
Sample Question and Answer (Q&A) for exam 70-227:
QUESTION 1
You are the new network administrator for Certkiller . The network includes an ISA Server computer named Certkiller 1. Certkiller 1 was configured by a previous administrator. Certkiller 1 functions as a firewall between the Certkiller network and the Internet. During a routine audit of Certkiller 1's log files, you discover that several non-standard services are installed and configured to start automatically. Your manager tells you that the previous administrator installed additional services on Certkiller 1 for monitoring and reporting purposes. Your manager wants Certkiller 1 to function only as a firewall. You want to ensure that no additional services on Certkiller 1 are opening ports on Certkiller 1. You do not want to change the status of any built-in services.
What should you do?
A. Run the nbtstat - an command. Disable any of the additional services that are listed as Registered.
B. Run the netstat -an command. Disable all services that are listening on authorized ports.
C. Run the ISA Server Security Wizard to set the system security level of Certkiller 1 to Secure.
D. Run the ISA Server Security Wizard to set the system security level of Certkiller 1 to Limited Services.
Answer: D
QUESTION 2
Certkiller network consists of a single Microsoft Windows 2000 site. It includes an ISA server enterprise array consisting of a single computer named ISA1. You install ISA server on a new computer, which you name ISA2. You decide to add ISA2 to the array on a different subnet in the same Windows 2000 site. ISA2 successfully joins the enterprise array, and the setup log file indicates that the setup was successful. Your SecureNAT and firewall client computers are still capable of accessing Internet resources through the default enterprise policies of ISA1. However, these computers cannot access Internet resources through ISA2. You must enable ISA2 to provide access to Internet resources.
What should you do?
A. Create a custom enterprise policy setting for ISA2. Enable outbound client access through the new policy.
B. Disable array-level access rules that restrict your enterprise policies.
C. Delete the ISA installation directory. Run the installation again.
D. Edit the local address table to ensure that it contains only address ranges from Certkiller network.
Answer: D
QUESTION 3
You are the administrator of Certkiller network, which includes a main office and a branch office. The branch office connects to the Internet through a Microsoft Proxy server 2.0 computer named Prx2. Prx2 is chained to another Proxy server 2.0 computer named Prx1, which is located in the main office. You upgrade Prx1 to ISA server. Now, users in both offices report that they cannot browse the Internet. You need to enable users in both offices to browse the Internet. Your
solution must involve the least possible administrative effort.
What should you do?
A. Configure your internal DNS server with a host record that points to a WSPAD.DAT file.
B. Configure your DHCP server to inform client computers of the location of a WPAD.DAT file.
C. Configure Prx1 to listen for outbound web requests on TCP Port 80.
D. Configure Prx1 to provide an automatic configuration script to Web browsers on your network
Answer: C
QUESTION 4
You are the administrator for Certkiller 's network. The network consists of a single Microsoft Windows 2000 domain named Certkiller .com. The domain contains all the user accounts. Certkiller uses an ISA Server computer to control Internet access. The ISA Server computer is a member of the domain and its not a member of an array. Users on the network use different CERN-compliant Web browsers to connect to Web sites on the Internet. The Web browsers are configured to use the ISA Server computer as a proxy server. Certkiller policy states that the ISA Server computer log files must include information about which users access which Web sites. You configure a protocol rule that allows outgoing Web requests. The rule applies to the Domain Users group. The outgoing Web requests properties of the ISA Server computer are configured to ask unauthenticated users for identification. You receive reports that some users are not able to access the Internet, while other users have no difficulty accessing the Internet. You do not want to install new Web browsers on the client computers. What should you do?
A. Change the protocol rule that allows outgoing Web requests to apply to any requests.
B. Disable the option to ask unauthenticated users for identification for outgoing Web requests.
C. Enable the option to configure listeners per individual IP address for outgoing Web requests.
D. Change the listener configuration to enable Basic authentication for outgoing Web requests.
Answer: D
QUESTION 5
You are the administrator for Certkiller 's ISA Server computers. The network contains Microsoft Windows 2000 Professional client computers and Windows 2000 Server computers. The ISA Server computers are used to control Internet access. Users on the internal network access video streams and high quality audio streams from the Internet. Certkiller policy states that the ISA Server computers must be configured to be as secure as possible, as long as Internet access is not affected. You secure the ISA Server computers by changing several of the configuration options for IP packet filters. However, users now report that they can no longer access video streams and high quality audio streams from the Internet.
What should you do?
A. Select the Enable IP routing option.
B. Clear the Enable filtering of IP fragments option.
C. Clear the Enable filtering IP options option.
D. Enable the ICMP source quence IP packet filter.
E. Enable the ICMP ping response (in) IP packet filter.
Answer: B
Multimedia is receiving in blocks = fragmented.
0 Comments:
<< Home | << Add a comment