Connectivity and Proxy Server - Quiz Explanation
The answers you selected are indicated below, along with text that explains the correct answers.
1.
Your organization's internal network uses IPX/SPX as its networking protocol in order to support older NetWare file and print servers. You would also like to take advantage of protocol isolation to protect your internal network clients. You install Microsoft® Proxy Server 2.0 on a server connected to the Internet and to the internal network. You also want to take advantage of the Web-caching service provided by the proxy server. You configure the Web browsers on the internal network clients to point to the proxy server's internal IP address. However, after your installation and configuration, you get calls from users complaining that they are not able to access Internet resources. What is the most likely reason for this problem?
Please select the best answer.
A.
You must install the WinSock Client on all internal machines using IPX as their transport protocol in order to use the Web Proxy Service.
B.
You must stop and restart the Web Proxy Service on the proxy server in order for the internal network clients to connect to it.
C.
The Web Proxy Service does not support IPX connections.
D.
You must properly configure the WinSock Proxy Client software before the users can take advantage of the Web-caching feature of Proxy Server 2.0.
The correct answer is C
. Answer C is correct because the Web Proxy Service on the Proxy Server does not support IPX. If you wish to use the content caching features of Proxy Server 2.0, you must utilize the Web Proxy Service. Since IPX is the only transport protocol in use on this network, you will not be able to use the Web Proxy Service, and therefore the Web-caching features of the Web Proxy Service will not be available to users. If users depend on a browser configuration designed to use the Web Proxy Service, they will not able to access Internet resources. Answer A is incorrect because you cannot use the IPX protocol to connect to the Web Proxy Service. However, if you do want to use the SPX transport protocol, you must install the WinSock client in order to access Internet resources via the WinSock Proxy Service. Answer B is incorrect because restarting the Web Proxy Service will not allow the present configuration to work properly. Answer D is incorrect because even if you properly configure the WinSock Proxy Client software, the WinSock Client Service cannot attach to the Web Proxy Service. therefore, no access to the content-caching features of Proxy Server 2.0 will be available.
2.
You manage a network with three physical segments that have been partitioned into three logical subnets. There is an A subnet, a B subnet, and a C subnet. All users located on subnet A are management, and all users on subnet B are clerical or temporary employees. Subnet C is a DMZ where the Internet-accessible resources for your organization are placed. You wish to allow the managers and executives full access to the Internet, but you want to place strong access controls on the non-managerial staff. How could you accomplish this?
Please select the best answer.
A.
Place an edge proxy server that all segments will use to access Internet resources. Set access control based on user account in order to limit access to certain domains to particular users and groups.
B.
Place a proxy server on subnet C and limit access from Internet users to the machines located on that subnet.
C.
Place a single proxy server on the edge of subnet A, and set access controls based on user account or group to control access to particular domains.
D.
Place proxy servers on the edges of Subnet A and Subnet B. Do not configure domain filters on the proxy server on subnet A. On the proxy server on the edge of subnet B, configure domain filters that will prevent access to selected sites.
The correct answer is D.
Answer D is correct because you can place proxy servers on the edge of each subnet and create custom domain filters for each subnet. Since the filter on each proxy server will apply only to those users located on the particular proxy server's subnet, you gain a measure of control over what the domain filters apply to. Domain filters cannot be applied to selected users or security groups. Answer A is incorrect because cache filters apply across all services and cannot be applied to a particular user or group. Answer B is incorrect because subnet C is used only for servers that provide content for Internet-based users. Any access controls or domain filters placed on that proxy server will have no effect on users on subnets A and B. Answer C is incorrect because domain filters are system-wide and are not subject to per-user or -group access controls.
3.
You want to provide basic Web and FTP services to your internal network users. However, you do not want your users to be able to access all Internet sites, because management is concerned about loss of productivity related to abusive Web surfing by employees. What proxy service would provide you with just the type of access you need for the user, and also provide you a method of controlling what internal users can access on the Internet?
Please select the best answer.
A.
The WinSock Proxy Service
B.
The Web Proxy Service
C.
The SOCKS Proxy Service
D.
The NAT Service
The correct answer is B.
Answer B is correct because you can use the Web Proxy Service to provide the basic Internet services required in this scenario. You can control access via users and groups using the Web Proxy Service, and you can take advantage of domain filtering to control Internet access even further. Remember that you can control access to particular network services, such as FTP or Web, but you cannot control what content is accessible to users based on user account or security group membership.The same is true for Web-cache domain filters that you might implement. Answer A is incorrect because the WinSock Proxy Service will provide more than basic Internet services for your internal network clients. This may be an undesirable situation if your network is bandwidth-challenged and you have users that might abuse other Internet applications. Answer C is incorrect because you would not want to use the clumsy SOCKS Proxy Service when the Web Proxy Service will work better and meet your needs. The SOCKS Proxy Service provides basic SOCKS 4.3a support for UNIX and Mac users that must access Internet resources. Answer D is incorrect because there is no method of access control available outside of basic packet filtering for NAT servers. In this scenario, you would want to implement access control over what services users can access, and also create domain and cache filters to control access to Internet resources.
