Remote Access Role Flashcards Preview

Flashcards in Remote Access Role Deck (10):

What features does the Remote Access Role provide?

• A virtual private network (VPN) gateway where clients can connect to an organization’s private network using the Internet.

• Connect two private networks through a VPN connection over the Internet.

• A dial-up remote access server, which enables users to connect to a private network using a modem.

• Network address translation (NAT), which enables multiple users to share a single public network address.

• Provide routing functionality, which can connect subnets and control where packets are forwarded based on the destination address.

• Provide basic firewall functionality and allow or disallow packets based on addresses of source and/or destination and protocols.


What must be disabled while configuring RRAS?

Windows firewall


What are the five basic options for configuring RRAS through the wizard?

• Remote access (dial-up or VPN): Sets up the server to accept incoming remote access connections (dial-up or VPN).

• Network address translation (NAT): Sets up the server to provide NAT services to clients on the private network that need to access the Internet.

• Virtual private network (VPN) access and NAT: Sets up the server to support incoming VPN connections and to provide NAT services.

• Secure connection between two private networks: Sets up a demand-dial or persistent connection between two private networks.

• Custom configuration: Enables you to choose individual services, including NAT, LAN routing, and VPN access.


PPTP (Point-to-Point Tunneling Protocol) - 7 Key Facts

Uses TCP

Encrypted using MPPE

Uses optional MS-CHAPv2 keys

Uses optional EAP-TLS keys

Easy to set up

Weak encryption

TCP Port 1723, Protocol 47


L2TP - 6 Key Facts

IPsec Method

Uses Pre-shared Key or Shared Secret

Encrypted with AES or 3DES

Uses IKE negotiation

UDP Port 500, 1701, 4500

Protocol 50


IKEv2 - 5 Key facts

IKEv2 Internet Key Exchange

Uses IPsec ESP or AH

Encryption Keys, AES 256, AES 192, AES 128, 3DES

Supports Mobility

Supported on Win 7 and Up


SSTP - 3 Key facts

Uses TCP Port 443

Passes traffic through firewalls and web proxies that block PPTP or L2TP




What are the two levels of authentication?

Computer Level - Certificates or pre-shared key

User Level - Username and Password using PPP (can be mutual)


What authentication methods are supported by Windows 8.1 and 2012 R2?

PAP - Plain text authentication

CHAP - MD5 hashing

MS-CHAPv2 - Provides mutual auth, allows expired pw change

EAP-MS-CHAPv2 - Provides mutual auth. Allows 3rd party custom auth schemes (biometrics, smart cards)


What are alternative methods to enable logging?

• Execute the following command: Netsh ras set tracing * enabled

• Set the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ EnableFileTracing=1