不同域中,VPN用证书服务建立资源访问
来源:互联网 发布:淘宝销量排名找不到 编辑:程序博客网 时间:2024/06/08 06:17
QUESTION NO: 151
You are the network administrator for the Baldwin Museum of Science. Your network includes a member server named Inet1, which is connected to the Internet. Inet1 runs Windows 2000 server.
Your institution sponsors joint research projects with Trey Research, whose main laboratory is located in another city. The Trey Research network includes a PPTP server named Trey3. You need to create a demand-dial router connection to this server.
You create a virtual private network demand-dial interface on Inet1. You use a domain account to configure the dial-out credentials, accepting default settings. However, you change the VPN server type from automatic to PPTP.
When you try to connect to Trey3, you receive an error message stating that access is denied. How should you correct this problem?
A. Change the tunnel type to L2TP/IPSec. Configure an IPSec policy on Inet1 and Trey3 for pre-shared key authentication.
B. Ensure that a new user account is created on Trey3. Change the dial-out credentials on Inet1 to use the new account
C. For the dial-out account on Inet1, obtain a certificate from a commercial certificate provider trusted by the Trey Research domain.
D. Ensure that the default remote access policy is removed from Trey3. On Inet1, change the VPN server type to automatic.
Answer: C
Explanation: Three authentication methods are available when forming a VPN: Kerberos 5, certificates and preshared secret key. The two most scalable methods, Kerberos and certificates, require Active Directory. Certificate authentication also requires access to a CA (certificate authority). If the two computers are in the same domain or in a trusted domain, you can use Kerberos authentication. By obtaining a certificate from a commercial certificate provider trusted by the Trey Research domain Inet1 would be able to authenticated by Trey3.
Incorrect Answers:
A: To use pre-shared key authentication L2TP/IPSec tunnel type must be used, the registry must be edited, and the IPSec Policy must configured for the pre-shared key. The registry has not been edited.
Note: To implement the Pre-shared Key authentication method for use with a L2TP/IPSec connection we must add the ProhibitIpSec registry value to both Windows 2000-based endpoint computers. We must then manually configure an IPSec policy before a L2TP/IPSec connection can be established between two Windows 2000-based computers.
B: Inet1 and Trey3 do not belong to the same domain. Therefore Kerberos authentication is not possible.
D: Removing that the default remote access policy from Trey3 would make it harder to get remote access.
You are the network administrator for the Baldwin Museum of Science. Your network includes a member server named Inet1, which is connected to the Internet. Inet1 runs Windows 2000 server.
Your institution sponsors joint research projects with Trey Research, whose main laboratory is located in another city. The Trey Research network includes a PPTP server named Trey3. You need to create a demand-dial router connection to this server.
You create a virtual private network demand-dial interface on Inet1. You use a domain account to configure the dial-out credentials, accepting default settings. However, you change the VPN server type from automatic to PPTP.
When you try to connect to Trey3, you receive an error message stating that access is denied. How should you correct this problem?
A. Change the tunnel type to L2TP/IPSec. Configure an IPSec policy on Inet1 and Trey3 for pre-shared key authentication.
B. Ensure that a new user account is created on Trey3. Change the dial-out credentials on Inet1 to use the new account
C. For the dial-out account on Inet1, obtain a certificate from a commercial certificate provider trusted by the Trey Research domain.
D. Ensure that the default remote access policy is removed from Trey3. On Inet1, change the VPN server type to automatic.
Answer: C
Explanation: Three authentication methods are available when forming a VPN: Kerberos 5, certificates and preshared secret key. The two most scalable methods, Kerberos and certificates, require Active Directory. Certificate authentication also requires access to a CA (certificate authority). If the two computers are in the same domain or in a trusted domain, you can use Kerberos authentication. By obtaining a certificate from a commercial certificate provider trusted by the Trey Research domain Inet1 would be able to authenticated by Trey3.
Incorrect Answers:
A: To use pre-shared key authentication L2TP/IPSec tunnel type must be used, the registry must be edited, and the IPSec Policy must configured for the pre-shared key. The registry has not been edited.
Note: To implement the Pre-shared Key authentication method for use with a L2TP/IPSec connection we must add the ProhibitIpSec registry value to both Windows 2000-based endpoint computers. We must then manually configure an IPSec policy before a L2TP/IPSec connection can be established between two Windows 2000-based computers.
B: Inet1 and Trey3 do not belong to the same domain. Therefore Kerberos authentication is not possible.
D: Removing that the default remote access policy from Trey3 would make it harder to get remote access.
- 不同域中,VPN用证书服务建立资源访问
- Ubuntu 用 pptp 建立 vpn 服务
- Ubuntu 建立 VPN 服务
- 不同应用程序域中访问数据!(反射)
- Web客户端Js访问不同域中数据的解决方法
- teamviewer vpn+xp vpn服务实现在家访问公司内部局域网
- teamviewer vpn+xp vpn服务实现在家访问公司内部局域网
- java 访问不同资源方式
- 配置和启用VPN远程访问服务
- VPN建立
- ipsec/l2tp vpn配置firewall 访问内网资源
- 部署Windows Server 2003中的远程访问VPN服务
- 部署Windows Server 2003中的远程访问VPN服务
- 通过VPNC访问CISCO的VPN服务过程记录
- 用XP系统来建立VPN服务器
- Tomcat配置多域名,多证书访问不同的项目
- L2TP(vpn+证书)
- java程序访问不可信(自颁发证书)ssl http 资源
- Log4j日志管理系统简单使用说明
- Log4j简明手册
- HTML 标记一览
- 北京烤鸭烤的已是英国鸭 中国物种资源遭窃取
- Spring 编程入门十大问题解答
- 不同域中,VPN用证书服务建立资源访问
- 孤单地2005
- Simulating Ocean Water
- 银行员工的私房笑话
- 收藏的一些GIS网站 与大家共享
- 无忧脚本
- 阿信的JavaScript开发站点
- Hibernate 简化继承映射
- 小林:徒手攀登高峰