Chap 13
You need to configure access using Remote Desktop Gateway. You have opened port 443 in the external firewall. Which port should you open in the internal firewall?
3389
Which of the following ports does TACACS use?
49
Which of the following BEST describes a WAP?
A Windows Server service that allows users to use any device to access applications from outside the corporate network.
Which of the following are items needed to implement an Azure Network Adapter?
A connection to Azure for WAC server. Azure subscription with active account.
Which of the following are items needed to implement an Azure extended network? (Select two.)
A firewall configured to allow for asymmetric routing. Site-to-Site (S2S) VPN connection or the Azure express connection.
Which of the following BEST describes Node.js?
A free (open-source) backend runtime environment that works across multiple platforms.
Which of the following BEST describes an Azure network adapter?
A point-to-site (P2S) VPN connection
Which of the following BEST describes a network policy?
A set of conditions, constraints, and settings used to authorize which remote users and computers can or cannot connect to a network.
When implementing an Azure extended network, you need a pair of Windows Server VMs. Both VMs act as virtual appliances. Drag the VM type on the left to the proper connections on the right. (You can use a VM type more than once.)
A virtual network adapter to the routable subnet: On-premise. Second network interface to the extended subnet: In the cloud. A second virtual network adapter to the extended subnet: On-premise. Primary network interface to the routable subnet: In the cloud.
Which of the following BEST describes an Azure relay?
Allows for scoping instead of the shotgun approach of a VPN connection.
Which of the following BEST describes split DNS?
Allows the same name to resolve to different IP addresses.
With RADIUS, network managers can centrally manage connection authentication, authorization, and accounting (sometimes referred to as AAA) for many types of network access, such as VPN or wireless access points. Which of the following options best describes authorization?
Allows users to use specific network services or connect to specific network resources.
What is the primary purpose of RADIUS?
Authenticate remote clients before access to the network is granted.
Which of the following features are used by clients and provided by the RADIUS server? (Select three.)
Authorization, Authentication, Accounting
You manage the remote access solution for your network. Currently, you have 10 remote access servers named RA1 through RA10. A single RADIUS server named RA11 holds all network access policies for all remote access servers. Due to some recent changes, you decide to add a second RADIUS server, RA12, to your solution. Remote access connections should be directed to either RA11 or RA12 based on the characteristics of the connection. You decide to configure the RA13 server as a RADIUS proxy. Connection requests from RA1 through RA10 will be sent to RA13. All requests will then be forwarded to RA11 or RA12 based on the characteristics of the connection. Which of the following steps are part of your configuration on RA13? (Select three. Each choice is a required part of the solution.)
Configure RADIUS server groups. Configure RA1 through RA10 as RADIUS clients to RA13.
Your company has recently added a traveling sales force. To allow salesmen access to the network while traveling, you install two additional servers. You configure the servers (REM1 and REM2) as remote access servers to accept incoming calls from remote clients. You configure network access policies on each server. The solution is working fine, but you find that you make constant changes to the remote access policies. You install the Network Policy and Access Services role on a third server (REM3). You configure network access policies on REM3. Following the installation, you verify that all clients can connect to REM1 and REM2. Then you delete the custom network access policies on both servers. Now, no clients can make a remote access connection. What should you do?
Configure REM1 and REM2 as REM3's RADIUS clients.
You are the network administrator for a small company using Windows Server 2016 and Windows 10 clients. A few of the company's employees want to work from home occasionally. You have decided to provide access using a VPN. What should you do?
Configure a remote access VPN.
You are in charge of installing a remote access solution for your network. You decide you need a total of four remote access servers to service all remote clients. Because remote clients might connect to any of the four servers, you decide that each remote access server must enforce the exact same policies. You anticipate that the policies will change frequently. What should you do? (Select two. Each choice is a required part of the solution.)
Configure one of the remote access servers as a RADIUS server and all other servers as RADIUS clients. Configure network access policies on the RADIUS server.
You are the network administrator for your company. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. Your company has a number of product specialists who travel to remote areas. The product specialists complain that their internet connections frequently fail, forcing them to reconnect to the company VPN server. The server and the clients use the L2TP with IPSec VPN protocol. You need to improve VPN performance by allowing the clients to automatically reconnect to the company VPN if the clients' internet connection should fail. What should you do?
Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol.
There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to lightweight agents that communicate between Azure AD application proxy architecture components?
Connectors
You are the network administrator for corpnet.com. You have implemented Active Directory Federation Services (AD FS) to enable single sign-on to a web application named WApp1. You need to enable internet users to access WApp1 using AD FS. You install WAP in the perimeter network. You need to enable internet users to contact the federation proxy server. What should you do first?
Create an A record in the corpnet.com zone hosted on the internet.
Which of the following BEST describes an Azure extended network?
Enables you to stretch an on-premises subnet into Azure.
Which options are found on the settings tab of the network policy components? (Select four.)
Encryption, IP filters, Multilink and bandwidth allocation protocol, IP settings
Which of the following is a characteristic of TACACS+?
Encrypts the entire packet, not just authentication packets.
You want to implement an Azure WAN solution that does not utilize the public internet and increases security, speed, and reliability. In addition, you want to utilize P2P Ethernet network connectivity. Which of the following Azure WAN solutions will meet your networking requirements?
ExpressRoute
You want to implement an Azure WAN solution that provides a traditional hub-and-spoke connectivity model that can provide for a variety of spoke types. Which of the following Azure WAN solutions will meet your networking requirements?
Global transit network architecture
You want to implement an Azure WAN solution where there is a central management location for external connections and hosting services and VNets to connect to the central location to host workloads. Which of the following Azure WAN solutions will meet your networking requirements?
Hub-and-spoke architecture
You are the manager for the westsim.com domain. Your company has just started a collaborative effort with a partner company. Their network has a single domain named eastsim.com. You decide to implement Active Directory Federation Services (AD FS) to allow users in the partner organization to access a Web application running on your network. You have three servers available, Srv1, Srv2, and Srv3. Srv3 is a web server that runs the claims-aware application. You want to use the Federation Service Web Application Proxy service in your design. You want to use the least number of servers possible. What should you do?
Install the Federation Service on Srv1. Install WAP and the claims-aware web agent on Srv3.
What is the web application proxy's job?
Intercepts outside traffic that's headed to internal applications.
Which of the following facilitates transitive connectivity for virtual networks in an Azure WAN solution?
Intra-cloud connectivity
An Azure AD application proxy is designed to provide access for a specific type of application. Which of the following BEST describes that application type?
Legacy applications not capable of modern protocol usage.
Which of the following is TRUE regarding an Azure extended network?
Lets on-premises VMs keep their original on-premises private IP addresses when migrating to Azure.
There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to using either hardware or software to distribute the workload among at least two servers?
Load balancing
You are the network administrator for westsim.com. The network consists of a single domain. All the servers run Windows Server 2016. All the clients run Windows 10. There is one main office located in Chicago. The main office is protected from the internet by a perimeter network. A server named VPN1 located in the perimeter network provides VPN remote access for external clients. A server named NPS1 has the Network Policy Server (NPS) role installed and provides RADIUS services for VPN1. NPS1 is located in the perimeter network and is configured to use Active Directory for authentication requests. There are three domain controllers on the internal network. A new company policy requires that the firewall between the internal network and the perimeter network be configured to allow traffic only between specific IP addresses. The amount of internal servers that can be contacted from the perimeter network must be kept to
Move NPS1 to the internal network and implement a RADIUS proxy in the perimeter network.
VPN tunneling protocols encrypt packet contents and wrap them in unencrypted packets. Which of the following networking devices or services prevents (in most cases) the use of IPsec as a VPN tunneling protocol?
NAT
What should you do before you start configuring a remote desktop gateway?
Obtain an SSL certificate
You manage the remote access solution for your network. Currently, you have two remote access servers, RA1 and RA2, with an additional server, RA3, configured as a RADIUS server. You need to configure RA1 and RA2 to forward authentication requests to RA3. What should you do?
On RA1 and RA2, run Routing and Remote Access. Edit the properties of the server and configure it to use RA3 for authentication.
Which of the following authentication protocols transmits passwords in cleartext and is considered too unsecure for modern networks?
PAP
Organizations want to make applications available to users without having to install the application on each user's computer. This can be done using Remote Desktop Gateway applications with a web interface. Which authentication mode skips the normal authentication request and passes the request to the server that hosts the application?
Pass-through
Which of the following security functions does CHAP perform?
Periodically verifies the identity of a peer using a three-way handshake.
When implementing an Azure AD application proxy, where must CNAME records be created?
Public DNS
Which of the following are differences between RADIUS and TACACS+?
RADIUS combines authentication and authorization into a single function, while TACACS+ allows these services to be split between different servers.
You want to make applications available to your company employees without having to install the application on each employee's computer. You can do this by using which of the following?
Remote Desktop Gateway applications
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office to access needed files. You want the connection to be as secure as possible. Which type of connection do you need?
Remote access
What does a remote access server use for authorization?
Remote access policies
Which of the following are the specific users for which the AD application proxy is designed?
Remote users that need access to legacy applications.
Which of the following is TRUE regarding the Windows Admin Center (WAC)?
Requires latest version of Azure Network Adapter.
Which of the following are use cases associated with implementing an Azure WAN? (Select two.)
Routing, Azure firewall
Which of the following is equipment that facilitates branch connectivity for an Azure WAN solution?
SD-WAN CPE
There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to a service that provides trust to a user's browser while accessing a website or application?
SSL certificates
You have been put in charge of providing a VPN solution for all members of the sales team. Sales team members have been issued new laptop computers running Windows 10. All remote access servers run Windows Server 2016. The salesmen have been complaining that with the previous VPN solution, there were many times that they were unable to establish the VPN solution because the hotel or airport firewalls blocked the necessary VPN ports. You need to come up with a solution that will work in most instances. Which VPN method should you choose?
Secure Socket Tunneling Protocol (SSTP)
Which of the following are standard VPN types used for implementing an Azure WAN solution? (Select two.)
Site-to-site, Private connectivity
You need to configure WAP to forward requests to AD FS servers that are not accessible from the internet. Arrange the WAP configuration tasks that you need to complete on the left in the appropriate order on the right.
Step 1: Export the internal AD FS server certificate. Step 2: Import AD FS server certificate. Step 3: Configure an SSL certificate on the default IIS website. Step 4: Add an entry for the AD FS server to the hosts file. Step 5: Install the AD FS Proxy role service. Step 6: Configure the AD FS Proxy. Step 7: Configure DNS records.
Which of the following is true regarding stretching a subnet?
Stretching a subnet is another term for extending a subnet from on-premise to Azure.
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)
TACACS+, RADIUS
There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to a cryptographic protocol that provides end-to-end security of data sent between applications over the internet?
TLS 1.2
Which of the following are network access setting limitations for an Azure AD application proxy? (Select two.)
Terminating connector TLS traffic. Load-balanced connector.
You are a network administrator for a small company. All servers are running Windows Server 2016. All clients are running Windows 10. Your company has just opened a branch office in a different part of the country. To provide access to network resources between sites, you have determined that a Windows Server 2016 site-to-site VPN using a Remote Access Services (RAS) gateway would work best for your needs. Before creating the site-to-site VPN, what must you install first? (Select two.)
The Remote Access role. The DirectAccess and VPN (RAS) role service.
What is the computer that remote users connect to?
The web application proxy
Which of the following allows connections to be made between VNets to facilitate an Azure WAN solution?
Transitive connectivity
Match the type of VPN with its description.
Two hosts establish a secure channel and communicate directly: Host-to-host. Routers on the edge of each site establish a VPN with the router at the other location: Site-to-site. Allows individual users to establish secure connections with a remote computer network: Remote access.
You have implemented an Azure extended network with a firewall between on-premise and the cloud. Which port do you need to open?
UDP 4789
Before creating an Azure AD application proxy, which of the following is ALWAYS required?
Users must be synched from on-premise AD to Azure AD, or users must be created in Azure AD.
Which of the following are characteristics of TACACS+? (Select two.)
Uses TCP. Allows three different servers (one each for authentication, authorization, and accounting).
Which of the following are connector types required to deploy an Azure AD application proxy? (Select two.)
VM hosted on any hypervisor. On-premise physical hardware.
Azure network adapter connection limitations are determined by which of the following? (Select three.)
VPN gateway SKU selected. Encryption algorithm used. Throughput speeds needed.
Which of the following is a traditional VPN setup for an Azure WAN solution?
VPN-CPE
Which of the following BEST describes VNets?
Virtual networks hosted in Azure Cloud.
You are configuring AD FS. Which server should you deploy on your organization's perimeter network to allow users to access web applications?
Web Application Proxy
Which of the following are considered RADIUS clients? (Select two.)
Wireless access points, VPN servers