Routing and Remote Access / Direct Access (DA)
Because these notebook computers are frequently taken on sales visits to client sites, you have decided to implement DirectAccess on your network. You run the setup for DirectAccess on the DA1 server with the following configuration: - - - - You need to configure the client computers for the DirectAccess connection. What should you do?
Add the computer account for each client computer to the DirectAccessGroup security group
The main office contains a server named RRAS1 that has been configured to provide DirectAccess connectivity for clients. Clients complain that when they connect via DirectAccess, they are not able to resolve intranet names. What should you do?
Check for westsim.com in the Name Resolution Policy Table
The main office contains a server named RRAS1. You are in the process of configuring RRAS1 to support DirectAccess connections. You need to configure RRAS1 to allow IPv6 connectivity for the clients to RRAS1 for the purpose of DirectAccess. What should you do?
Configure Windows Firewall with Advanced Security to allow ICMPv6 Echo Requests
You are the network administrator for a small company using Windows Server 2016 and Windows 10 clients. A few of the company's employees want to work from home occasionally. You have decided to provide access using a VPN. What should you do?
Configure a remote access VPN
You need to implement a solution that accomplishes the following: -All communications sent to the private network over the internet are encrypted -Clients computers authenticate with application servers on the intranet -Following authentication, traffic on the intranet is not encrypted What should you do? (Select two.)
Configure selected server access (modified end-to-edge) Upgrade application servers to Windows Server 2008 R2 or newer
Your company has a number of product specialists who travel to remote areas. The product specialists complain that their internet connections frequently fail, forcing them to reconnect to the company VPN server. The server and the clients use the L2TP with IPSec VPN protocol. You need to improve VPN perfromance by allowing the clients to automatically reconnect to the company VPN if the clientss internet connection should fail. What should you do?
Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol
westsim.com has a number of product specialists who travel to remote areas. The product specialists complain that their internet connections frequently fail, forcing them to reconnect to the company's VPN server. The server and the clients use the L2TP with IPSec VPN protocol. You need to improve VPN performance by allowing the clients to automatically reconnect to the company VPN if the client's internet connection should fail. What should you do?
Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol
You want to use the laptop to connect to your corporate intranet while you are at home or traveling. Your solution should meet the following requirements: - - - - - Which feature should you implement?
DirectAccess
DirectAccess has been configured on your network and all remote users are using DirectAccess to connect to the network. However, the remote users are complaining that their internet connections are slow when they browse the web. What should you do?
Disable Force Tunneling
You want to create a connection profile using the Connection Manager Administration Kit (CMAK) wizard. To create a connection profile that will work on the 32-bit system, what must you do?
Download, install, and run Remote Server Administration Tools for Windows 10 and run it from a 32-bit machine
Your company has already purchase a public IP address and does not want to purchase any additional public IP addresses. You have decided that implementing NAT on your Windows 2016 server is the best solution. Which of the following types of NAT implementation would best work for this situation?
Dynamic NAT
You've been instructed to interconnect the two offices. You install the Routing and Remote Access service on one of the Windows Server 2016 computers in your local office and on one of the Windows Server 2016 computers in the remote office. You can successfully ping between the two devices. However, you cannot connect to resources on the other side of the remote access server. What should you do? (Select two.)
Enable LAN routing on both access servers Configure a static route on each remote access server to other network
The main office contains a server named RRAS1, which is configured to provide DirectAccess connectivity for clients. A group named DirectAccess Clients is enabled for DirectAccess. Users complain that they are unable to connect to the internal network using DirectAccess. You need to ensure that the users can connect to RRAS1 using DirectAccess. What should you do?
In Active Directory Users and Computers, add users' computer accounts computers to the DirectAccess Clients group
You configure a Windows Server 2016 as a router. During a random check one day, you notice that some connections are using PPTP while others are using L2TP. You want to force all connections to use L2TP. What should you do?
In Routing and Remote Access, edit the Ports node. Disable remote access and demand-dial routing connections for PPTP
The next day, you get a call from one of the users reporting that she can connect to the remote access server, but can't access any resources on the company network. You ask her to ping a server on the private network using its IP address, but the ping fails. However, from the remote access server, you can access all resources on the private network. What should you do?
In Routing and Remote Access, enable LAN routing on the server
You want to use DirectAccess to connect the computer to your corporate intranet. You will use Group Policy to enforce DirectAccess settings on the client. What should you do to configure the laptop for the DirectAccess connection?
Join the computer to a domain
VPN tunneling protocols encrypts packet contents and wraps them in an unencrypted packets. Which of the following networking devices or services prevents (in most cases) the use of IPsec as a VPN tunneling protocol?
NAT
You would like to implement DirectAccess on your corporate network. Which of the following is not an infrastructure requirement for using DirectAccess?
Network access for files server role
You want to use DirectAccess to connect the computer to your corporate intranet from home. Your home network is connected to the internet with a single public IP address and NAT. Firewalls between your network and the intranet allow only HTTP and HTTPS traffic. What should you do to configure the laptop for the DirectAccess connection?
Obtain a computer certificate for the laptop
You decide to implement SSTP for the VPN solution. Your company security policy mandates that only necessary firewall ports be opened. What should you do?
Open port 443 in the firewall
You plan to implement DirectAccess to support encrypted connections from remote clients to the internal network. A server named RRAS1 will provide DirectAccess connections for the clients. The DirectAccess clients will use IP-HTTPS connections. Certificates for the DirectAccess clients and servers will be issued by an Enterprise root CA named CA1. You need to configure CA1 to support DirectAccess clients. What should you do?
Publish the CA1 Certificate Revocation List (CRL) on a server in the perimeter network
You are configuring routing on a Windows Server 2016 system. The server has two network interfaces installed. Each one is connected to a different network segment. You have installed and enabled the Routing and Remote Access role on the server. Rather than manually configure static routes on the server, you want to configure it to communicate with other routers already in the network to dynamically build its routing table. Click on the routing protocol you would use to do this.
RIP Version 2 for Internet Protocol
The salesmen have been complaining that with the previous VPN solution, there were many times that they were unable to establish the VPN solution because the hotel or airport firewalls blocked the necessary VPN ports. You need to come up with a solution that will work in most instances. Which VPN method should you choose?
Secure Socket Tunneling Protocol (SSTP)
The company president has asked you to provide a private persistent connection between all sites making the computer resources from each location available to employees at the other locations. You have decided to provide the required connections using VPN. Which type of VPN would best meet the specified requirements?
Site-to-site
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these five servers?
Static
You have a small network at home that is connected to the internet. On this network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access?
Static NAT
Your company has just opened a branch office in a different part of the country. To provide access to network resources between sites, you have determined that a Windows Server 2016 site-to-site VPN using a Remote Access Services (RAS) gateway would work best for your needs. Before creating the site-to-site VPN, what must you install first? (Select two.)
The Remote Access role The DirectAccess and VPN (RAS) role service
Which of the following are good reasons to enable NAT?
To translate between internet IP addresses and the IP addressees on your private network
Match the type of VPN with its description
Two hosts establish a secure channel and communicate directly - Host-to-host Routers on the edge of each site establish a VPN with the router at the other lcoation - Site-to-site Allows individual users to establish secure connections with a remote computer network -Remote access
You need to configure a new VPN connection on the 50 laptops used by the sales team members. You need to configure the VPN connection to only use Point-to-Point Tunneling (PPTP) with the maximum strength encryption. You want to do this with the least amount of effort as possible. What should you do?
Use the Connection Manager Administration Kit (CMAK) to create a profile. Save the profile to a network share. Have each sales team member run the installation file.
A routine audit of help desk tickets reveals that almost 5% of the tickets logged with the help desk relate to incorrect VPN settings on the laptops being used by the product specialists. You need to streamline the creation of VPN connections to reduce the number of configuration errors on the clients. What should you do?
You should use the Connection Manager Administration Kit (CMAK) to create a service profile that will connect the Product Specialists to the company VPN.
