You work as the network administrator at Certifyme.com. The Certifyme.com
network consists of a single Active Directory domain named certifyme.com. All
servers on the Certifyme.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
The Certifyme.com network contains a Web server named CERTIFYME-SR05 that
hosts Certifyme.com's default Web site.
350-001 You have assigned a Web server certificate
to the default web site. You have created a virtual directory under the default Web
site called WebApp.640-802 Only users with a valid certificate should be allowed to access
WebApp, and only https should be used to make connections to WebApp.
A freelancer named Rory Allen recently accessed WebApp from a client computer
with the IP address of 192.168.100.67/26.
VCP-310 You are informed that users from that
particular subnet should not be allowed to access WebApp any longer.
You need to ensure that the appropriate configuration changes are made, while also
ensuring that these changes do not affect access to the default web site or any of the
other virtual directories.
What should you do? To answer, configure the appropriate options to meet these
requirements in the simulation.
Answer:
Open Administrative Tools by clicking Start, Programs, and then Administrative Tools;
or Start, Control Panel, and then Administrative Tools.
Leading the way in IT testing and certification tools, www.certifyme.com
- 21 -
In Administrative Tools, open Internet Information Services (IIS) Manager to open the
IIS Management console.
Leading the way in IT testing and certification tools, www.certifyme.com
- 22 -
In the right-hand pane of the IIS console, expand the CERTIFYME-SR05 (local computer)
node, the Web Sites node, and then the Default Web Site node.
Leading the way in IT testing and certification tools, www.certifyme.com
- 23 -
Under the Default Web Site node, right-click on WebApp and select Properties from the
pop-up menu.
Leading the way in IT testing and certification tools, www.certifyme.com
- 24 -
In the WebApp Properties dialog box that appears, click on the Directory Security tab.
Leading the way in IT testing and certification tools, www.certifyme.com
- 25 -
In the Secure Communications section of the Directory Security tab, click the Edit
button to open the Secure Communications dialog box.
Leading the way in IT testing and certification tools, www.certifyme.com
- 26 -
In the Secure Communications dialog box, select the Require SSL check box and the
Require client certificates radio button. Then click OK.
Leading the way in IT testing and certification tools, www.certifyme.com
- 27 -
In the Authentication and Access Control section of the Directory Security tab, click
the Edit button to open the Authentication Methods dialog box.
Leading the way in IT testing and certification tools, www.certifyme.com
- 28 -
In the Authentication Methods dialog box, clear the Enable Anonymous Access check
box and click OK.
Leading the way in IT testing and certification tools, www.certifyme.com
- 29 -
In the IP Address and Domain Name Restrictions section of the Directory Security tab,
click the Edit button to open the IP Address and Domain Name Restrictions dialog
box.
Leading the way in IT testing and certification tools, www.certifyme.com
- 30 -
In the IP Address and Domain Name Restrictions dialog box, select the Granted Access
radio button next to the By default all computers will be: option and click the Add button
in the Except the following: section.
Leading the way in IT testing and certification tools, www.certifyme.com
- 31 -
In the Deny Access dialog box that appears, select the Group of Computers radio button
and enter the network address 192.168.100.64 in the Network ID text box, and enter
255.255.255.192 in the subnet mask text box. Then click OK to close the Deny Access
dialog box.
Leading the way in IT testing and certification tools, www.certifyme.com
- 32 -
Click OK on the IP Address and Domain Name Restrictions dialog box to close the IP
Address and Domain Name Restrictions dialog box.
Leading the way in IT testing and certification tools, www.certifyme.com
- 33 -
Finally, click OK on the WebApp Properties dialog box to close the WebApp Properties
dialog box
Explanation: In this scenario, the WebApp virtual directory has been created under
the default Web site, which has a Web server certificate assigned to it. You have to
ensure that users connect to WebApp using only https. You have to configure this
restriction on the WebApp virtual directory, not the default Web site.
Leading the way in IT testing and certification tools, www.certifyme.com
- 34 -
Enabling Require SSL and will ensure that users use only https. Enabling Require client
certificates and clearing the that only users with Enable Anonymous Access check box
will ensure that only users with valid certificates are able to access WebApp.
Configuring restrictions for the 192.168.100.64 IP address and 255.255.255.192 mask
will ensure that users on the same subnet as the computer that Rory Allen used to access
WebApp are not allowed to access WebApp any longer.
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment