You are a network administrator for your company. You install an intranet application on three Windows Server 2003 computers. You configure the servers as a Network Load Balancing cluster. You configure each server with two network adapters. One network adapter provides client computers access to the servers. The second network adapter is for cluster communications. Cluster communications are on a separate network segment. The network team wants to reduce the cluster’s vulnerability to attack. These servers need to be highly available. The network team decides that the Network Load Balancing cluster needs to filter IP ports. The team wants the cluster to allow only the ports that are required for the intranet application. You need to implement filtering so that only the intranet application ports are available on the cluster. You need to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. Use TCP/IP filtering on each server. Configure only the intranet application ports on the network adapter that provides client computers access to the servers.
B. Configure Routing and Remote Access on each server. Use Routing and Remote Access input filters to allow only the intranet application ports on the network adapter that provides client computers access to the servers.
C. Use TCP/IP filtering on each server. Configure only the intranet application ports on both of the network adapters.
D. Use Network Load Balancing Manager to configure port rules. Allow only the intranet application ports on the cluster IP address.
Explanation:
The Port Rules tab in the NLB Properties sheet lets you specify the port rules used for your NLB cluster. These settings enable you to control how your NLB cluster will function under load. IP address filtering is useful for protecting part of a private network from users on the other parts. You can create filters that give only certain computers access to the protected LAN, while preventing all others from accessing it.
Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, Chapter 12.