Infrastructure - All Lab Questions
Using the Routing and Remote Access snap-in, which of the following can be configured?
Firewall VPN Gateway Dial-up Remote Access Server LAN Routing NAT
After setting up a VPN connection on a Windows 10 system, which of the following command will help you verify the VPN connection details?
Get-VpnConnection
Which report should you generate to know the efficiency of the DFS replication?
Health
What is the default naming convention for the Network Policy Server (NPS) log file, which is stored in the c:\Windows\System32\LogFiles folder?
INyymmdd
The IPv6 addresses starting with fe80 are equivalent to which range of IPv4 addresses?
In IPv6 protocol, an address beginning with "fe80" is called a "Link-Local Address," which is similar to IPv4's "Automatic Private IP Addresses" 169.254.x.x. Both addresses are automatically generated when a Windows computer is not configured with a static IPv6 address.
How can you view the Mapping Table in Routing and Remote Access snap-in? In the General Properties under IPv4 In Ethernet properties under NAT In the Static Route Properties under IPv4 In the RIP Properties under IPv4
In the Routing and Remote Access window, under the IPv4 node, select NAT. In the right details pane, right-click on Ethernet and select Show Mappings.
What is the output of the following command: netsh interface ipv4 add dns Ethernet 192.168.0.4 index=2
Installs an alternate dns server with the IP address 192.168.0.4
What does the acronym IPAM denote?
Internet Protocol Address Management
What will happen if you manually edit the DNS zone file and then reload it in the DNS Manager?
It will apply the changes in the DNS Manager.
In a new failover relationship in the Load Balancing mode, what is the default load split between both the servers?
Local - 50; Partner - 50
Which version of Windows Server first introduced BranchCache?
Windows Server 2008 R2
When configuring a DFS namespace, which mode provides increased scalability and access-based enumeration?
Windows Server 2008 mode
If you need to enable NIC teaming on a server, which of the following minimum version of Windows Server must you have?
Windows Server 2012 R2
For you to create a Superscope, what is the minimum number of scope should already exist in DHCP server?
2
For you to set up a Windows Server 2016 system as a VPN server, how many network adapters would be required?
2
When 6TO4 is enabled, the IP address will start with which of the following number?
2002
What is the default Socket Pool size of Windows Server 2016 DNS?
2500
What is the default port used by the Secure Sockets Tunneling Protocol (SSTP) protocol for incoming connections?
443
How many hexadecimal blocks are there in an IPv6 address?
8
What is the default IP address lease period for a client on the network?
8 days
What is the minimum number of network adapters required for Network Address Translation (NAT)?
two network interface adapters: one connected to the internet, and the other facing the internal network
You receive the following message:"Current settings for this certificate template allow a client to submit a certificate request using any subject name and does not require approval by a certificate manager." What does the subject mean in this context? [Choose all that apply.]
A subject refers to a user, computer, or service to which a certificate has been issued. The Supply in the request settings simplifies the task of adding the subject name to the certificate request, as ADCS will not ask for additional information other than the computer name of the requesting client.
After creating a scope with the DHCP Options, what is the next immediate action that you must perform so that the clients can obtain the IP addresses?
Activate the scope
On a Windows Server 2016, you have configured a VPN server and enabled appropriate firewall rules. You need to assign permissions to several users to allow access to the VPN server. Which of the following snap-in should you use?
Active Directory Users and Computers
After adding the Active Directory Certification Authority and Certificate Web Enrollment, what is the next step that you must perform?
After adding the Active Directory Certification Authority and Certificate Web Enrollment in the previous task, you must now initialize these services before they can be used by users or computers that will request a certificate.
Which of the following tasks are performed by the Network Policy Server (NPS)? [Choose all that apply.]
Authentication Authorization Accounting VPN Reconnect requires the RADIUS. The Network Policy Server (NPS) is Microsoft's implementation of the Remote Authentication and Dial-in User Service (RADIUS), which can centralize the authentication, authorization, and accounting of VPN dial-in users.
If the DNS resolver queries are signed by DNSSEC, which of the following is achieved? [Choose all that apply.]
Authenticity Integrity
After installing the DHCP server on a server, what is the next step that you should perform?
Authorize the DHCP server
If you configure Internal virtual networks on a Hyper-V server, which type of virtual machine communication will be allowed?
Between virtual machines and the management operating system Between virtual machines on the same virtualization server
You have enabled IP routing on PLABSA01 after enabling the IPRouter in the registry. How will you verify whether the IP routing is enabled on the system?
By running the ipconfig /all command. When you enter the command ipconfig /all on the PLABSA01, you will notice that the output of the command displays IP Routing Enabled = Yes.
You need to create a resource record for a public-facing Web server in the DNS server. Which of the following type of resource record should you create?
CNAME
Which of the following types of attack is the DNS server being protected from by using the random port number from a Socket Pool?
Cache poisoning
Which type of attack is prevented by enabling the DNS Cache Locking feature?
Cache poisoning
Which of the following file contains the root DNS mapping?
Cache.dns
Your organization spans multiple geographical locations. The name resolution is happening with a single DNS zone for the entire organization. Which of the following is likely to happen if you continue with the single DNS zone?
Centralized Management Administrative burden Name resolution traffic goes to the single zone
What must you do to ensure that the Windows 10 client will not use the offline file cache?
Clear the offline file cache
After authorizing a new DHCP server, what must you do to ensure that the DHCP server can release IP addresses to the clients on the network?
Create a scope
Which feature prevents the proliferation of DHCP servers that offer IP addresses to computers in the network?
DHCP Guard
Which of the following two types of servers does Internet Protocol Address Management (IPAM) integrate to streamline the IP address management?
DNS DHCP
Which of the following types of attack can be prevented by using Response Rate Limiting (RRL)?
DNS Amplification
Which of the following is the benefit of Distributed File System (DFS)?
Data Redundancy
What should you do if you have a single large namespace that caters to multiple branch offices?
Delegate each zone to the DNS server to maintain the resource records (RRs) Split it into multiple smaller namespaces
Which implementation mode of BrachCache has no designated server to store the data, and each client at a remote site has its own local cache for data it downloads?
Distributed Cache mode, where there is no designated server to store the data, and each client at a remote site has its own local cache for data it downloads. Hosted mode, where a dedicated server at each remote location has BranchCache installed and enabled
To make the VPN client successfully connect to the VPN server, which of the following should you do on the client system?
Download the delta CRLs to the client's local certificate store Download the base CRLs to the client's local certificate store
What are the pre-requisites for installing DirectAccess?
Enable DHCP service Create a DNS Resource Record Install Active Directory Certificate Services Create a DirectAccess security group for client workstations Set up certificate templates for multiple names
To ensure that web servers can request a certificate from the CA server, you need to set up permissions for enrollment. Which permission should you grant to the Webserver in the Certificates console?
Enroll
Hyper-V's Virtual Network Manager offers three types of virtual networks that you can use:
External virtual networks. You can use this type when you want to provide virtual machines with access to a physical network and communicate with externally located servers and clients. Internal virtual networks. You can use this type when you want to allow network communication between virtual machines on the same virtualization server, and between virtual machines and the management operating system. Private virtual network. You can use this type when you want to allow network communication between virtual machines on the same virtualization server. A private virtual network is not bound to a physical network adapter. This type of network is useful if you want to create an isolated network environment.
After setting up a connection, when you can view the details of the connection set up between a VPN client and a VPN server, which of the following details are you likely to see?
Name of the connection IP address of the server Tunnel type used Authentication method Current status of the connection
You want to allow the network clients to connect to the Internet using a single IP address. In the Routing and Remote Access Wizard which of the following options should you choose? VPN and NAT Remote Access Server (RAS) Remote Access (dial-in or VPN) Network Address Translation (NAT)
Network Address Translation (NAT)
On a Hyper-V host, how many virtual network switches can you create that are connected to an External network?
One
Which of the following is true for Network Policy Server (NPS)?
Provides authentication of dial-in VPN users Provides authorization for access to network resources Counts the number of minutes a dial-in user spends in a remote session
What would be the mandatory information that you will require when creating a reservation for a client?
Reservation name MAC address IP address
You have enabled IP routing on PLABSA01 after enabling the IPRouter in the registry. What should you do after this?
Restart PLABSA01
After distributing the Trust Anchors (TAs) to a secondary domain controller, if you find the Trust Anchors folder to be empty in DNS Manager of the secondary domain controller, what should you do?
Restart the DNS server from the DNS Manager. If the Trust Points folder appears to be empty, restart DNS. Right-click on the DNS server, select All Tasks and select Restart. This will refresh the DNS Manager with the TAs in the Trust Anchors folder.
If the IPAM Access Status displays "Blocked" after two attempts to refresh in the server, what should you do?
Restart the server
When configuring a VPN server, which of the following configuration must be added to the second network adapter?
Static IP address DNS server
Which type of zone can redirect the DNS client to the authoritative DNS server that has authority for resolving hostnames for the given DNS zone?
Stub zone
What are some of the key factors that DNS policies that define how a DNS responds to DNS queries?
Subnet Time of Day Transport Protocol
Which of the following version of Windows Server initially introduced Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)?
The Intra-Site Automatic Tunnel Addressing Protocol, or ISATAP, is a bridge-over technology that enables IPv4-only networks and devices to communicate with their more evolved IPv6-only counterparts.In this context, an ISATAP router is an essential element of any network; it can be utilized to communicate with more advanced IPv6 networks or devices or can itself be upgraded from the current IPv4 support to IPv6 support. ISATAP is a built-in feature of Windows Server 2008 and later versions.
Which two types of packets does Secure Sockets Tunneling Protocol (SSTP) send using a Secure Sockets Layer (SSL) channel?
The Secure Sockets Tunneling Protocol (SSTP) is a VPN protocol that that sends PPTP or L2TP packets using a Secure Sockets Layer (SSL) channel. SSL encrypts a VPN connection with the use of computer certificates, which ensures confidentiality of network transmission over a public network like the internet.A key advantage of SSTP is that it provides compatibility with virtually all types of firewalls and network address translation gateways, which is not possible with other VPN protocols like L2TP. SSTP listens on TCP port number 443 for incoming connections.
For a client to connect to the DirectAccess server, which task must be completed for the client?
The client must be added to a security group.
When configuring a GPO for BrachCache, which value should you set in in the "Type the maximum round-trip network latency (milliseconds) after which caching begins" setting so that BranchCache is always used?
The value of "0" indicates that BranchCache will always be used.
To enable SSL, which of the following menu options in Internet Information Services (IIS) Manager should you choose after right-clicking the Website name?
To enable SSL, you need to right-click on Default Web Site and select Edit Bindings... from the shortcut menu.
You want to create a security key and update it all DNS servers to enable validation. What is the first step that you should perform?
Unsign the zone holding the key
What is the output of the following command? Get-DnsServerTrustAnchor -name secure.practicelabs.com -computername PLABDC01
Updates the trust points created earlier on the PLABDC01
When using an SSTP protocol, which of the property of the VPN server should you know?
VPN Server Name
If you use GlobalNames, use of which of the following can be avoided?
WINS. The GlobalNames zone feature streamlines the task of migrating a network that needs to locate computers by using just a single name without relying on Windows Internet Name Service.
If your domain name is practicelabs.com, then what would be the zone file name?
practicelabs.com.dns
If you have an IPv6 address, such as: fd09:a890:0cd3:de45:0000:0000:0000:0005 What are the two correct short forms of this IP address?
fd09:a890:cd3:de45:0:0:0:5 fd09:a890:cd3:de45::5 (Ok to drop leading zeros)
What is the default prefix used by a Link-Local IPv6 address?
fe80::
You have made a change in the Group Policy. Which command will help you immediately apply the Group Policy without restarting the user systems?
gpupdate /force
Which of the following command is likely to provide the list of Host(A) records?
ls -t a practicelabs.com
Which command should you execute to view the status of BranchCache on the client?
netsh branchcache show status all