<a>Review Questions</a>

<nl>
1. __RIPv2__ is the TCP/IP routing protocol supported on Windows Server
2008 running Routing and Remote Access Services that dynamically
determines routes based on information from neighboring routers
called ___RIP Neighbors____.
2. What RRAS service is used to hide private IP address networks and
provide multiple clients access to the Internet by using a single public
IP address?<ll>
a. DHCP Relay Agent
b. NAC
c. NAP
d. NAT</ll>
3. ___DHCP Relay Agent__ is the RRAS service that provides dynamic IP
addresses to subnets without a DHCP Server.
4. True or False: Using RRAS as a production router in large, heavily
trafficked networks is a recommended practice from Microsoft.
5. True or False: All Windows Server 2008 networks that use DHCP require
a DHCP relay agent to be configured using RRAS.
6. VPN connections using L2TP are often combined with __IPSec___ for a
more secure VPN connection.
7. What role does an NPS or RADIUS server perform in 802.1x
implementation?<ll>
a. Supplicant
b. Authenticator
c. Authentication server
d. Authorization server</ll>
8. When implementing 802.1x on a network, client computers are
considered which of the following components?<ll>
a. Node
b. Authenticator
c. Supplicant
d. Receiver</ll>
9. This component of an 802.1x network is responsible for requesting the
identity of a client computer?<ll>
a. Authentication server
b. Authenticator

c. Authorization server
d. Supplicant</ll>
10. __Authorization___ is used to determine what level of access a user or
client has to the network and/or resources.
11. Which of the following commands will display the current routing table
on a Windows Server 2008 computer running RRAS?<ll>
a. Show route
b. Route -p
c. Route print
d. Netsh int ip show config</ll>
12. Which tunneling protocol is built to run over HTTPS?<ll>
a. SSTP
b. L2TP/IPSec
c. PPTP
d. PPP</ll>
13. Which properties tab is used for managing NAP for VPN users
connecting to a domain?<ll>
a. VPN
b. Remote
c. Sessions
d. Dial-in</ll>
14. True or False: The NPS role service requires a third-party RADIUS server
to authenticate Windows XP and Windows Server 2003 clients.
15. __Authentication__ is used to prove that a user or client is who they
claim to be.
16. Routers that do not support this RFC cannot route DHCP broadcast
messages between networks?<ll>
a. RFC 2895
b. RFC 1524
c. RFC 1542
d. RFC 2985</ll>
17. Which of the following is not performed by the NPS?<ll>
a. RADIUS proxy
b. RADIUS server
c. RADIUS client
d. NAP</ll>
18. Which of the following is not tunneling protocol that can be used for
VPNs deployed with Windows Server 2008?<ll>
a. L2TP
b. PPTP
c. IPSec Tunneling Protocol
d. SSTP</ll>
19. You need to add a static route to your RRAS server. All traffic going to
the 10.10.10.0 /16 subnet needs to be routed to the gateway of
10.10.255.254. In addition, the route should be available if the RRAS

server is rebooted. Which of the following commands will successfully

create
a.
b.
c.
d.
e.
20. What
a.
b.
c.
d.

the route?<ll>
Route -p 10.10.10.0 mask 255.255.255.0 10.10.255.254
Route 10.10.10.0 mask 255.255.0.0 10.10.255.254
Netsh rras ipv4 set router 10.10.10.0 255.255.0.0
10.10.255.254
Route -p 10.10.10.0 mask 255.255.0.0 10.10.255.254
Route -p 10.10.10.0 mask 255.255.255.255 10.10.255.254</ll>
port does SSTP use?<ll>
3389
21
80
443</ll></nl>

<a>Projects</a>
<b>Case Project 9-1: Research the Secure Socket Layer
Protocol</b>
In this chapter, you learned about SSTP and using it as a tunneling
protocol for VPNs. Research SSTP, then describe how SSTP works
between a VPN client and server. In addition, research and describe the
operating systems that support SSTP on the client side.

Solution:
SSTP uses SSL to secure VPN traffic. Communication between VPN clients
and VPN servers takes place as follows:

<nl>
1. The SSTP client establishes a TCP connection with the SSTP server
between a dynamically allocated TCP port on the client and TCP
port 443 on the server.
2. The SSTP client sends an SSL Client-Hello message, indicating that
the client wants to create an SSL session with the SSTP server.
3. The SSTP server sends its computer certificate to the SSTP client.
4. The SSTP client validates the computer certificate, determines the
encryption method for the SSL session, generates an SSL session
key, and then encrypts it with the public key of the SSTP servers
certificate.
5. The SSTP client sends the encrypted form of the SSL session key to
the SSTP server.
6. The SSTP server decrypts the encrypted SSL session key with the
private key of its computer certificate. All future communication
between the SSTP client and the SSTP server is encrypted with the
negotiated encryption method and SSL session key.

7. The SSTP client sends an HTTP-over-SSL request message to the

SSTP server.
8. The SSTP client negotiates an SSTP tunnel with the SSTP server.
9. The SSTP client negotiates a PPP connection with the SSTP server.
This negotiation includes authenticating the users credentials with
a PPP authentication method and configuring settings for IPv4 or
IPv6 traffic.
10. The SSTP client begins sending IPv4 or IPv6 traffic over the PPP
link.</nl>

SSTP is supported as a client from Windows Server 2008 and Windows

Vista, Service Pack 1.

<b>Case Project 9-2: Creating a VPN Server for Remote

Client Access</b>
Your company has just hired a new accounting firm, P.F. Cardinal &
Associates. In order to perform its accounting tasks, you need to provide
remote access to your network to one of their employees, Cindy Bee. You
need to provide a secure method for Cindy to access the network. On CSSRV-001, create a user account for Cindy in the Badgertech.local domain
that has dial-in access and set the server up as a VPN server.

Solution:
<ul>Log onto CS-SRV-001.
In Active Directory Users and Computers, create a new user called Cindy
Bee.
Once created, view the properties of the user account and go to the DialIn tab.

Under Network Access Permission, choose Allow Access and apply

change to user account.
Install RRAS on server CS-SRV-001 using the following command:
Configure RRAS to use remote access (dial-up or VPN)</ul>

<b>Case Project 9-3: Recommending Remote

Access</b>
You have been approached by a small company, Breakaway Brothers
Touring Company, a provider of hunting excursions in northern Wisconsin.
Their tour guides are equipped with notebook computers for logging tour
details and communicating with the home office. Each guide requires a
secure method for connecting back to the home office. Guides have
mobile broadband Internet cards. However, they are often in areas
without access to cellular networks and have access only to telephone
lines. Based on their operation, what would you recommend Breakaway
Brothers implement to meet the needs of their remote users?

Recommendations include the following:

<ul>Installing a modem bank and phone lines to support dial-up
networking
Installing a broadband Internet connection to support VPN connections
Installing Windows Server 2008 Standard Edition on a server at the home
office
Installing Routing and Remote Access with support for remote dial-in
access
Configuring

user accounts

resources</ul>

Activity 9-3:

for guides

to allow

access to dial-in

What is the gateway used by default on MSN-SRV-0XX?_______

This will differ depending on how you are connected to the Internet. However, this
address will be the default gateway set on your external, or Internet, network
adapter.