Forefront Contest Round One – TMG Questions

Hi folks, we will start the contest today with five Forefront TMG questions. As I mentioned in the previous post, you will need to send me the answers via Twitter using the Direct Message feature. In addition to that, it is also important to clarify the following points:

  • I must receive your answers within 24 hours of posting the questions for the quiz, which means by tomorrow (03/29/2011) at 8:30 AM Central Standard Time.
  • The first five finishers (the first five that send a Twitter DM to me – if you are not able to DM, just mention @yuridiogenes and add your answers) with more than 3 questions correct will be awarded a bonus: five points for all correct answers and four points for four correct answers.
  • If there is a tie at the end, there will be a tie-breaker quiz with the participants. It will be another round of questions involving all three technologies, twenty questions in total, that will be posted on April 25th.

The leaderboard will look like this one:


Now let’s move on to our first quiz – Forefront TMG 2010:

Question 1) Consider the following scenario:

A Forefront TMG administrator is making some adjustments to his infrastructure to ensure that all workstations are using TMG as Proxy. He deployed via GPO a policy that configures Internet Explorer to use as Proxy Server and also configured another policy to disable the user’s ability to change this option. All users are using Internet Explorer 7. The TMG admin also confirmed that his TMG Standard Edition is correctly configured with a rule that allows Internet access only for the Active Directory Internet Users group.

The TMG admin’s goal is to ensure that all workstations can use Kerberos as the authentication protocol while browsing the Internet through TMG. After making all those changes in the environment, he started monitoring the behavior to validate whether the authentication protocol in use was Kerberos. To his surprise, the authentication protocol in use was NTLM. Why is this happening? (choose the best answer)

a. You need at least Internet Explorer 8 to make Kerberos work for Proxy authentication.

b. The TMG admin must run a script on TMG to allow Kerberos authentication to work properly.

c. TMG has a wrong SPN on Active Directory.

d. The option “Require All Users to Authenticate” is selected in the Internal network.

Question 2) __________ is the only built-in Forefront TMG driver that runs in kernel mode.

a. wspsrv.exe

b. fweng.sys

c. tcpip.sys

d. isastg.exe

Question 3) After enabling HTTPS Inspection on Forefront TMG, some users are experiencing problems on random sites, where the following error is shown:

Error Code 502 (Proxy Error) – the certification authority that issued the SSL Server certificate supplied by a destination server is not trusted by the local computer.

A list of twenty websites that are experiencing this problem was identified. By policy you can’t disable HTTPS Inspection, but you also need to make sure that the users are able to access those sites. What would be the fastest workaround for this situation, assuming that the websites experiencing these errors are authentic and trustworthy? (choose the best answer)

a. Add those websites to the exemption list and choose the option “No validation” in TMG.

b. Research the CA that issued the certificate for each site, obtain the CA root certificate for each one of those and install them on TMG.

c. Install TMG Client on each workstation.

d. Disable HTTPS Inspection feature.

Question 4) A user called the helpdesk saying that one hour ago he was browsing the Internet through TMG and received the message below on his workstation:


He said that he closed this balloon and now the message no longer shows up when he is browsing. He is confused about traffic inspection and wants to know why he received the notification just once. The support personnel explained to the user that the traffic is still being inspected, but since this notification already appeared once for this site, it will stay in cache for some time and will not show up again until the cache expires or the computer is restarted. Which option below describes the default cache time for those TMG Client notifications?

a. 6 hours

b. 2 hours

c. 10 hours

d. 12 hours

Question 5) Forefront TMG is installed on a server with two disks using the following distribution:

  • Operating System (boot and system drive): Disk 1 with 1 partition (C:)
  • Forefront TMG (all TMG files): Disk 2 with 3 partitions (D: for TMG binary files, E: for cache and F: for ScanStorage and Logging)

Users are complaining that downloading files from the Internet is too slow and sometimes even fails. After some tests you determined that the issue does not happen if the Malware Inspection feature is disabled on TMG. What are the possible reasons that this could be happening? (choose the best two answers)

a. There is not enough space on disk F.

b. TMG is running out of RAM.

c. There is another process locking files on the malware temp folder.

d. Cache is corrupted.


Good luck! The answers will be posted this Friday (April 1st).

