You work as the network administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory domain named certifyme.com. All
domain controllers and member servers on the certifyme.com network run
Windows Server 2003. Half of the client computers run either Windows XP
Professional or Windows 2000 Professional. The other half runs either Windows NT
4.0 Workstation or Windows 98. 350-001
The certifyme.com written security policy only allows Kerberos and NT LAN
Manager Version 2 (NTLMv2) authentication protocols to be used for access
authentication to resources. To this end you perform the configurations to comply
with the certifyme.com written security policy.
Leading the way in IT testing and certification tools, www.certifyme.com
- 111 -
While monitoring network traffic, you notice that network connection made from
only Windows XP Professional and Windows 2000 Professional client computers are
authenticated through Kerberos or the NTLMv2 authentication protocol. No
connections initiated from client computers running Windows NT 4.0 Workstation
and Windows 98 are authenticated through either of the approved authentication
protocols.
You need to ensure that all client computer operating systems comply with the
certifyme.com written security policy with the least amount of administrative effort
Take care not to incur any additional unnecessary expenses.
What should you do? (Each correct answer presents only part of the complete
solution. Choose TWO.)
A. Install Active Directory client software on all Windows 98 client computers.
B. Install Active Directory client software on all Windows NT 4.0 Workstation client
computers. 640-802
C. Install the latest service pack on all Windows NT 4.0 Workstation client computers.
D. Install the latest service pack on all Windows 98 client computers.
E. Upgrade all Windows NT 4.0 Workstation and Windows 98 client computers to
Windows XP Professional.
Answer: A, C
Explanation: Active Directory client software must be installed on all Windows 98
client computers if you want these computers to authenticate using NTLMv2.
Kerberos authentication can be used by clients and servers running the following
operating systems (OSs): Windows 2000, Windows XP Professional, and Windows
Server 2003. Windows 2000, Windows XP Professional, and Windows Server 2003
computers who are members of a Windows 2000 or Windows Server 2003 domain
use the Kerberos protocol for network authentication for domain resources. This is
the default configuration for these domains. When a down level client attempts to
access a Kerberos secured resource, NTLM authentication is used; and not
Kerberos authentication. Kerberos authentication though offers improved security
over the standard NTLM authentication protocol. VCP-310
NTLM authentication protocol employs the challenge-response authentication strategy
(the user is challenged to supply unique confidential information) to authenticate the
users/computers running Windows Me OS, earlier OSs, and computers running Windows
2000 or later who are not domain members. NTLMv2 uses 128-bit encryption for
security, and is usually used to connect to servers running Windows 2000, Windows XP
and Windows NT with Service Pack 4 or later.
Leading the way in IT testing and certification tools, www.certifyme.com
- 112 -
Incorrect Answers:
B: You do not have to install Active Directory client software on all Windows NT 4.0
Workstation client computers to enable them to authenticate using NTLMv2. Only
Service Pack 4 or later has to be installed on the client computers.
D: Windows 98 client computers need to have Active Directory client software
installed before they will be able to participate in NTLMv2 authentication.
E: There is no need to upgrade your older client computer operating systems before they
can use NTLMv2. This is unnecessary and would require more administrative effort than
just installing the necessary components for Windows NT 4.0 Workstation and Windows
98 client computers
Reference:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment