Please help me understand this answer...

shamrocker98shamrocker98 Member Posts: 79 ■■□□□□□□□□
This is a practice question from MS book:

Fabricam, Inc. has asked you to implement a dial-up remote access policy for its
employees that is based on time and day restrictions. The company has the following
*Administrators can access the network 24 hours a day, 7 days a week.
*Managers cannot access the network after 6:00 P.M. and before 8:00 A.M. during
the week. They can, however, access it at any time during the weekend.
*All other employees can access the network only between 8:00 A.M. and 6:00 P.M.
on weekdays.
You create five custom remote access policies based on security groups and time
*Policy A—managers: permit
*Policy B—administrators: permit
*Policy C—weekend: deny
*Policy D—weekday 8:00 A.M. to 6:00 P.M.: permit
*Policy E—weekday 6:00 P.M. to 8:00 A.M.: deny

In which order can you apply the policies to achieve the required results? (Choose all
that apply.)

I couldn't find any information on the reason these are ordered the way they are. Why are those answers correct? How do I determine the order in which those rules are applied?

Thanks in advance for any info!



  • jasonbochejasonboche Member Posts: 167
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
  • shamrocker98shamrocker98 Member Posts: 79 ■■□□□□□□□□
    Thanks for the response. It doesn't exactly make it any clearer. Maybe I'm looking at it the wrong way. The website you mentioned says

    "The three policy elements are evaluated in the following order:

    * Conditions
    * Permissions
    * Profile"

    That part I think I understand, but why are the policies in this question arranged in the EXACT sequence of BDEAC or DBEAC?

    Thanks again!!

  • jasonbochejasonboche Member Posts: 167
    The way I'm reading the question and the possible answers, each of the incorrect answers (A, C, and D) would provide solutions that deny access for an administrator or manager during a time that they should have access. B and E are the only choices that correctly configure the remote access policy based on the requirement access times.

    The wording on these policies is presented in such a difficult way that it's easy to get twisted around or lost.

    Also...... a paragraph on order importance per MCSE author Alan Carter in the Windows 2000 MCSE study system ISBN: 0-7645-4701-1:

    "the remote access server processes remote access policies in the order they're listed in the RRAS console. You might want to change the order in which policies are applied. Typically, admins place the most specific policies at the top of the list, and the most general policies at the bottom of the list. If you don't order policies in this manner, but instead place policies with few conditions at the top of the list, remote users that have specially configured policies won't be assigned these policies because a more general policy will be applied first"
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
  • shamrocker98shamrocker98 Member Posts: 79 ■■□□□□□□□□
    That info helps a lot more. I'm going to try and wrap my head around this topic for a little while. It is confusing to me why the first two policies are "interchangable" (DBEAC/BDEAC) but the rest are in a certain order. I'll spend some more time on this. Thanks again for all of your help!
  • Danman32Danman32 Member Posts: 1,243
    This is one of those questions that you have to test each answer. Much like a subnet question.
Sign In or Register to comment.