You work as an IT professional in an international corporation named Wiikigo. In the company, your job is to configure Microsoft Internet Security and Acceleration Server 2006. And you are experienced in performing and managing networks and operational systems. In addition, you are skilled at deploying ISA Server 2006, configuring firewall settings, and optimizing performance of the ISA Server 2006 cache. A single server that runs ISA Server 2006 is contained by the network.
A new Web server is installed on your network. A Web site is hosted by the Web server. The ISA Server is configured to publish the Web site by utilizing SSL bridging. A new Web listener is created on the ISA Server. A certificate named ISA02k6.contoso.com is selected from the list of available certificates. The error message shown in the exhibit is displayed.
You should make sure that the certificate should be assigned to the new Web listener. You utilize Microsoft Management Console (MMC) to create a new console. Which action should be performed next?

You work as an IT professional in an international corporation named Wiikigo. In the company, your job is to configure Microsoft Internet Security and Acceleration Server 2006. And you are experienced in performing and managing networks and operational systems. In addition, you are skilled at deploying ISA Server 2006, configuring firewall settings, and optimizing performance of the ISA Server 2006 cache. There is a main office in the company, and the company plans to add a branch office. There is an ISA Server 2006 computer in the main office and the new branch. You intend to utilize a site-to-site VPN to connect the main office and the branch office networks. A site-to-site VPN connection is created, and the company utilizes the L2TP over IPSec VPN protocol to connect the office networks. The company installs computer certificates on the ISA Server computer at each office. When the remote site network is created on each ISA Server computer, it is set to utilize certificates and a preshared key. The company sets the preshared key as the office name on the ISA Server computer at at each office. From the ISA Server computer at the main office, the ping command is repeatedly run to a host on the branch office network. The site-to-site VPN cannot work successfully. The Routing and Remote Access console is opened and the demand-dial interface is manually dialed. The following error message is displayed. The last connection attempt cannot work. A processing error is encountered by the security layer during initial negotiations with the remote computer, so that the L2TP connection attempt failed.
You are required to utilize the most secure IPSec authentication method possible to enable the site-to-site VPN connection. Which action should be performed?

You work as an IT professional in an international corporation named Wiikigo. In the company, your job is to configure Microsoft Internet Security and Acceleration Server 2006. And you are experienced in performing and managing networks and operational systems. In addition, you are skilled at deploying ISA Server 2006, configuring firewall settings, and optimizing performance of the ISA Server 2006 cache. You work as the network administrator in your company. Two ISA Server 2006 computers are included by the network, and the two computers are respectively named ISA01 and ISA02. There is a main office and one branch office in the company.
ISA01 and ISA02 are respectively in the main office and the branch office. ISA01 connects to the Internet, while ISA02 connects to the main office over a dedicated WAN link. Windows XP Professional is run by all client computers.
All client computers should have the ability to have virus definitions updated from the virus update Web site. The virus update Web site and the Windows Update Web site can be connected by ISA02.
You find a problem that the virus update Web site or the Windows Update Web site cannot be connected by ISA01. You can see the configuration of the firewall policy on ISA01 from the exhibit listed below.
You are required to make sure that the virus update Web site and the Windows Update Web site can be connected by ISA01.
Which action should you perform?

You work as an IT professional in an international corporation named Wiikigo. In the company, your job is to configure Microsoft Internet Security and Acceleration Server 2006. And you are experienced in performing and managing networks and operational systems. In addition, you are skilled at deploying ISA Server 2006, configuring firewall settings, and optimizing performance of the ISA Server 2006 cache. There is an ISA Server 2006 computer in the network. This computer is named ISA01. ISA01 has been configured to allow marketing department users to access resources on the Internet. Because of working requirement, users in the account department also need access to resources on the Internet. For the Account department, a new network and computers are added by you. You perform the installation of the Firewall Client and have the Web Proxy client configured on all computers in the new network. The exhibit below shows the configuration of the company network. Users in the account department report that resources on the Internet cannot be accessed by them. But you are sure that resources on the Internet can still be accessed by users in the marketing department and the internal servers. You have to solve this problem as soon as possible. That is to say, you have to make sure that resources on the Internet can be accessed by users in the account department. So what action should you perform to achieve this goal?

You work as an IT professional in an international corporation named Wiikigo. In the company, your job is to configure Microsoft Internet Security and Acceleration Server 2006. And you are experienced in performing and managing networks and operational systems. In addition, you are skilled at deploying ISA Server 2006, configuring firewall settings, and optimizing performance of the ISA Server 2006 cache. An ISA Server 2006 computer is contained by your network and the computer is named ISA01. The ISA Server 2006 which serves as a remote access VPN server for the network is a member of a workgroup. The company configures ISA01 so that only EAP authentication is accepted for VPN clients. User certificates are assigned to all VPN clients, and the user certificates are from the corporate enterprise certification authority (CA). It is reported that the network is not available to the users. The following error message is received by them. Error 691 Access was denied for the username and/or password was invalid for the domain. You are required to make sure that the network is available for VPN users. Which action should be performed?

You network contains an ISA Server 2006 computer named ISA1. You use Network Monitor to capture and analyze inbound traffic from the Internet to ISA1. You notice a high volume of TCP traffic that is sent in quick succession to random TCP ports on ISA1.
The flag settings of the traffic are shown in the following example.
TCP: Flags = 0x00:……….
TCP: ..0……=No urgent data
TCP: …0…..=Ackonwledgement field not significant TCP: ….0….=No Push function
TCP: …..0…=No Reset
TCP: ……0..=No Fin
This traffic slows the performance of ISA1.
You want to be able to create a custom alert that is triggered whenever ISA1 experiences traffic that uses invalid flag settings to discover open ports. You do not want the alert to be triggered by traffic that uses valid flag settings in an attempt to discover open ports. You want to accomplish this goal by selecting only the minimum number of options in the Intrusion Detection dialog box.
exhibit What should you do?
To answer, configure the appropriate option or options in the dialog box in the answer area.

Your network is configured as shown in the exhibit.
You are upgrading the Routing and Remote Access servers to ISA Server 2006.
You need to configure the Internal network.
Which three IP address ranges should you include? (Each correct answer presents part of the solution. Choose three.)

Your network contains an ISA Server 2006 computer named ISA1, which controls access between three segments on the network. The network is configured as shown in the exhibit.
A network address translation (NAT) relationship exists from the Internal network to the perimeter network. A Windows Server 2003 computer named DNS1 functions as a DNS server.
Web Proxy clients can access Web sites on the Internet. However, when SecureNAT clients try to access hosts on the Internet, they receive the following error message: Cannot find server or DNS error.
You need to ensure that SecureNAT clients can perform DNS name resolution correctly for hosts on the Internet. You also need to ensure that DNS name resolution is optimized for Active Directory.
First, from a SecureNAT client, you run the nslookup command and set the default server to 172.16.0.11.
From the Nslookup console, you are able to query name server (NS) resource records on the Internet.
What should you do next?

Your company has a main office and one branch office. You want to connect the main office to the branch office by using a site-to-site VPN connection. The main office has an ISA Server 2006 computer named ISA1. The branch office has an ISA Server 2006 computer named ISA2. The relevant portion of the network is configured as shown in the exhibit.
The main office network includes two network IDs: 192.168.1.0/24 and 192.168.2.0/24. The 192.168.1.0/24 network is directly connected to ISA1 and is configured as the default Internal network. The 192.168.2.0/24 network is connected to the 192.168.1.0/24 network by a router on the main office Internal network. You create two subnet network objects in the ISA Server Management console: one network for the 192.168.1.0/24 network and one for the 192.168.2.0/24 network.
The internal network adapter on ISA2 is on network ID 10.0.0.0/24. You create an access rule on ISA1 and on ISA2 to allow all traffic to and from the main office and branch office networks. You create an access rule on ISA1 to allow all traffic between the default Internal network and the branch office network. Users on network ID 192.168.2.0/24 report that they cannot connect to computers at the branch office.
You need to ensure that all users at the main office can connect to resources located on the branch office network.
What should you do?

Your network contains an ISA Server 2006 computer named ISA1, which functions as a remote access VPN server for the network. ISA1 is a member of a workgroup. ISA1 is configured to accept only EAP authentication for VPN clients. All VPN clients have been assigned user certificates from the corporate enterprise certification authority (CA). Users report that they cannot connect to the network. They state that they receive the following error message: Error 691:
Access was denied because the username and/or password was invalid for the domain. You need to ensure that VPN users can connect to the network. What should you do?