PrepAway - Latest Free Exam Questions & Answers

Which of the following options would you choose to implement a VPN solution

You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All domain controllers on the corporate network run Windows Server 2008 and all client computers run either Windows Vista or Windows XP Service Pack 1.
The corporate network contains 100 servers and 5,000 client computers. Which of the following options would you choose to implement a VPN solution that allows you to store VPN passwords as encrypted text and provide support for Suite B cryptographic algorithms?

Besides it should support client computers that are configured as members of a workgroup and allow automatic enrollment of certificates. (Select three. Each correct answer will form a part of the answer.)

PrepAway - Latest Free Exam Questions & Answers

A.
Upgrade the client computers to Windows Vista.

B.
Upgrade the client computers to Windows XP Service Pack 2.

C.
Implement an enterprise certification authority (CA) that is based on Windows Server 2008.

D.
Implement a stand-alone certification authority (CA).

E.
Implement an IPsec VPN that uses pre-shared keys.

F.
Implement an IPsec VPN that uses certificate-based authentication.

Explanation:

To implement a VPN solution that allows you to store VPN passwords as encrypted text and provide support for Suite B cryptographic algorithms, you need to Upgrade the client computers to Windows Vista and implement an enterprise certification authority (CA) that is based on Windows Server 2008.

Suite B cryptographic algorithms that was added in Windows Vista Service Pack 1 (SP1) and in Windows Server 2008. Suite B is a set of standards that are specified by the National Security Agency (NSA). Suite B includes Encryption algorithms.

To support client computers that are configured as members of a workgroup and allow automatic enrollment of certificates, you need to Implement an IPsec VPN that uses certificate-based authentication.

IPSec deployments can take advantage of certificate-based authentication via industry-standard x.509 digital certificates. ADCS in Windows Server2008 provides customizable services for creating and managing the X.509 certificates that are used in software security systems that employ public key technologies. Organizations can use ADCS to enhance security by binding the identity of a person, device, or service to a corresponding public key. ADCS also includes features that allow you to manage certificate enrollment and revocation in a variety of scalable environments.

Reference: Description of the support for Suite B cryptographic algorithms that was added in Windows Vista Service Pack 1 and in Windows Server 2008 http://support.microsoft.com/kb/949856

Reference: iPhone and Virtual Private Networks
(VPN)
http://images.apple.com/iphone/enterprise/docs/iPhone_VPN.pdf.


Leave a Reply