You are a security administrator for certifyme.com. The network consists of a single
Active Directory domain named certifyme.com. All servers run Windows Server
2003.
certifyme.com provides remote access to the company network for domain users
that work from home. Users create VPN connections to a remote access server
named certifyme-SR14. certifyme-SR14 is a member server in the domain.
The authentication provider on the remote access server is Windows
Authentication.
To minimize the risk of a dictionary attack on user password, you implemented a
domain account lockout policy in Active Directory. You also configured remote
access account lockout on certifyme-SR14. The account lockout threshold in the
domain and the maximum number of failed attempts on certifyme-SR14 are both
set to four invalid logon attempts. 350-001 The account lockout counters in the domain are
reset after one hour. The account lockout counters on certifyme-SR14 are reset
after two hours.
You receive reports that several users in the domain were prevented from logging
on to the certifyme.com network because invalid remote access login attempts
locked the domain user accounts.
You need to ensure that invalid remote access logon attempts do not cause the
domain user account to lock out. You do not want to disable the domain account
lockout policy.
What should you do?
A. Configure the remote access service on certifyme-SR14 to not accept the
MS-CHAP authentication method.
Leading the way in IT testing and certification tools, www.certifyme.com
- 92 -
B. Configure the maximum number of failed attempts on certifyme-SR14 to three
invalid logon attempts. 640-802
C. Configure an account lockout policy in a GPO that is linked to the OU than contains
certifyme-SR14. Use an account lockout threshold of three.
D. Add certifyme-SR14 computer account to the Windows Authorization Access
Group security group.
Answer: B
Explanation:
Since domain lockout needs to be minimized, the best option is to allow the lockout to
occur on the remote access server. VCP-310
B: Deploy security templates by using Active Directory-based Group Policy objects
(GPOs) (10 Questions)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment