Knowledge Quiz 5 - Remote Access using Windows
After an NPS server receives an Access-Request message, what message does it reply with to tell the client that access is granted? a. Access-Granted b. Access-Token c. Access-Enabled d. Access-Accept
Access-Accept
After receiving an Access-Request message, the NPS server can respond with what message below to request additional information? a. Access-Query b. Request-Info c. Access-Challenge d. Request-More
Access-Challenge
Border Gateway Protocol (BGP)
An advanced dynamic routing protocol that can be used to route between remote networks, including site-to-site VPNs and between physical and virtual networks.
Kerberos proxy
An authentication method that allows a client computer to authenticate to a domain controller by using the DirectAccess server as a proxy.
demand-dial interface
An interface that's activated when a client attempts to connect to the Internet, such as a dial-up modem or Point-to-Point Protocol over Ethernet (PPPoE) connection.
A Kerberos proxy allows a client computer to authenticate to a domain controller, using the DirectAccess server as a proxy. True or False?
True
A RADIUS proxy can be placed between Network Access Servers and NPS servers to manage the load on NPS servers. True or False
True
A perimeter network is a boundary between the private network and the public Internet where most resources available to the Internet, such as mail, web, DNS, and VPN servers, are located. True or False?
True
By default, all three tunnel types are enabled when Windows Server 2016 is configured as a VPN server. True or False?
True
DirectAccess provides a more convenient and manageable secure remote connection using features available in IPv6 True or False
True
Network Policy Server is Microsoft's implementation of the Remote Authentication Dial In User Service (RADIUS) protocol, a proposed IETF standard that's widely used to centralize authentication, authorization, and accounting to network services. True or False
True
Network policies can be configured to restrict the days and times at which a user can or can't access the network. True or False
True
The RIPv2 routing protocol uses hop count as its metric for routing packets in a network. True or False?
True
There are two types of namespaces: domain based and stand-alone. True or False
True
When DirectAccess clients are connected to the Internet, the name resolution policy table (NRPT) makes sure that DNS requests for intranet resources are directed to internal DNS servers, not Internet DNS servers. True or False?
True
When a VPN client attempts to connect to a VPN, it tries to use each of the tunneling types until it's successful or the connection fails True or False
True
When replicating files, DFS replication tries to use full bandwidth by default. True or False
True
Windows server 2016 can be configured as a router to connect multiple subnets in a network or connect a network to the Internet True or False
True
A valid digital certificate that is not self-signed is issued by: a. A DirectAccess client b. A Certification Authority c. A router d. A VPN server
b. A Certification Authority
Which of the following can function as a RADIUS client? (Choose all that apply.) a. An unmanaged switchAn unmanaged switch b. A dial-in server c. A VPN server d. A wireless access pointA wireless access point
b. A dial-in server c. A VPN server d. A wireless access pointA wireless access point
What authentication method is required for the use of smart cards and can be used for biometric authentication? a. RADIUS authentication b. Extensible authentication protocol c. IKEv2 d. MS-CHAP v2
b. Extensible authentication protocol
What are some of the advantages of using hosted cache mode over distributed cache mode? (Choose all that apply.) a. Additional maintenance cost are saved b. Increased availability of cached files c. Support for multiple subnets d. A dedicated server is not needed
b. Increased availability of cached files c. Support for multiple subnets
What type of tunnel is created between the client computer and a DirectAccess server, and is used for control of the DirectAccess connection? a. Split tunnel b. Infrastructure tunnel c. Internet tunnel d. Intranet tunnel
b. Infrastructure tunnel
What authentication method encrypts both authentication information and data, in addition to being able to prompt a user to change an expired password? a. Encrypted Authentication (CHAP) b. Microsoft Encrypted Authentication Version 2 (MS-CHAP v2) c. IPSec d. Extensible Authentication Protocol (EAP)
b. Microsoft Encrypted Authentication Version 2 (MS-CHAP v2)
What version of the dynamic routing protocol RIP is supported on Windows Server 2016? a. RIPng b. RIPv2 c. RIPv4 d. RIPv1
b. RIPv2
When there are two or more routes to the same destination, the route with what type of metric takes precedence? a. hop count b. lowest c. verified d. highest
b. lowest
What routing protocol must be used to support dynamic routing when using Windows Server 2016 and IPv6 routing? a. RIP b. RIPv2 c. Border Gateway Protocol d. OSPF
c. Border Gateway Protocol
Which of the following are BranchCache modes of operation? (Choose all that apply.) a. On-demand b. Failover c. Hosted d. Distributed
c. Hosted d. Distributed
Each type of VPN service within RRAS can support up to a maximum of how many connections or ports?
128
When creating a replication group, the maximum single file size that can be replicated is 10 TB True or False
False
intranet tunnel
The tunnel created when a user signs in to the DirectAccess client
In order for a client to accept a certificate from an NPS server, the certificate must have a key size consisting of at least how many bits? a. 2048 b. 1024 c. 4096 d. 512
2048
In order to allow Remote Desktop Protocol (RDP) access to DirectAccess clients, which port below must be opened on the client side firewall?
3389
The IPsec Encapsulating Security Payload (ESP) protocol uses what IP protocol ID?
50
What UDP port is used for IKE traffic from VPN client to server?
500
Domain based namespaces are limited to how many folders? a. 1000 b. 100000 c. 50000 d. 5000
5000
name resolution policy table (NRPT)
A table configured on a DirectAccess client that makes sure DNS requests for network resources are directed to internal DNS servers, not Internet DNS servers.
A default route is indicated by what address below? a. 192.168.1.255 b. 255.255.255.255 c. 0.0.0.0 d. 127.0.0.1
0.0.0.0
infrastructure tunnel
A tunnel created between the client computer and the DirectAccess server, used for control of the DirectAccess connection.
Internet Protocol-Hypertext Transfer Protocol Secure (IP-HTTPS)
A tunneling protocol used to transport IPv6 packets over an HTTPS connection.
Port Address Translation (PAT)
A variation of NAT that allows several hundred workstations to access the Internet with a single public Internet address.
When configuring a VPN server to automatically assign IP addresses to remote clients, how many IP addresses are in a single pool allocated by the VPN server?
10
What is the maximum size of all replicated files allowed within a replication group? a. 250 TB b. 250 GB c. 100 GB d. 100 TB
100 TB
Multisite DirectAccess
A DirectAccess configuration with two or more DirectAccess servers, each providing a secure entry point into a network.
multisite DirectAccess
A DirectAccess configuration with two or more DirectAccess servers, each providing a secure entry point into a network.
Network Location Server (NLS)
A basic web server used by DirectAccess client computers to determine whether they're on the intranet or a remote network.
perimeter network
A boundary between the private network and the public Internet and where most resources available to the Internet, such as mail, web, DNS, and VPN servers, are located.
VPN connection profile
A connection profile that allows you to create VPN connections that can be distributed to user's computers so VPN clients do not have to be configured on each client station.
VPN reconnect
A feature that automatically reestablishes a VPN connection that is temporarily lost with no intervention from the user.
routing table
A list of network destinations and information on which interface can be used to reach the destination.
static route
A manually configured route in the routing table that instructs the router where to send packets destined for particular networks.
tunnel
A method of transferring data across an unsecured network in such a way that the data is hidden from all but the sender and receiver.
demand-dial interface
A network connection that is used to establish the VPN connection whenever network traffic from the internal network has a destination address of the other network to which you are connecting.
virtual private network (VPN)
A network connection that uses the Internet to give mobile users or branch offices secure access to a company's network resources on a private network.
Network Address Translation (NAT)
A process whereby a router or other type of gateway device replaces the source or destination IP addresses in a packet before forwarding the packet.
force tunneling
A remote access method in which all traffic from the client goes over the DirectAccess tunnel, including traffic destined for the Internet
split tunneling
A remote access method in which only requests for resources on the intranet are sent over the DirectAccess tunnel
DirectAccess
A role service that is part of the DirectAccess and VPN role service under the Remote Access server role that provides many of the same features as a VPN but adds client management and always-connected capability.
Remote Access
A server role that provides services to keep a mobile workforce and branch offices securely connected to resources at the main office.
If a conflict occurs, DFS replication stores the losing conflicted file in what folder? a. DFSRRecovery\ConflictandDeleted b. DFSRRecovery\LostandFound c. DFSRPrivate\ConflictandDeleted d. DFSRPrivate\LostandFound
DFSRPrivate\ConflictandDeleted
Your server and network must meet requirements for the type of VPN you want to set up. Which one of the following is not a requirement to setup a VPN server? a. DHCP configuration b. Correctly configured firewall c. Two or more NICs installed on a server d. DHCP configuration e. DNS Configuration
DNS Configuration
What type of interface is activated when a client attempts to connect to the Internet?
Demand-dial interface
By default, the NPS Network Policy is configured to allow access to all users. True or False?
False
VPN connection settings cannot be changed on a domain-wide basis using group policy. True or False?
False
A default route is indicated by what address below? a. 255.255.255.255 b. 0.0.0.0 c. 127.0.0.1 d. 192.168.1.255
b. 0.0.0.0
What PowerShell cmdlet can be used to add a static route?
New-NetRoute
Select below the VPN tunnel type that uses Generic Routing Encapsulation based tunnels and CHAP / EAP authentication:
PPTP
What extension of NAT allows several hundred workstations to access the Internet with a single public Internet address? a. Network Address Translation b. Outside Network Address Translation c. Multiple Address Translation d. Port Address Translation
Port Address Translation
What is essentially a log of the different access and accounting requests and responses sent between RADIUS clients and RADIUS servers? a. Microsoft SQL Server XML b. RADIUS accounting c. Event logs d. NPS accounting
RADIUS accounting
What version of the dynamic routing protocol RIP is supported on Windows Server 2016? a. RIPv2 b. RIPv1 c. RIPng d. RIPv4
RIPv2
Which service will allow a Windows server to be configured as a router to connect multiple subnets in a network or connect the network to the Internet? a. DirectAccess b. Routing and Remote Access c. Certificate Services d. RADIUS
Routing and Remote Access
What are NPS connection request policies used to control? a. Specify the conditions that apply to users and groups b. Specify the times users can access the network c. Specify which RADIUS servers handle connection requests from RADIUS clients d. Specify which users and groups have access
Specify which RADIUS servers handle connection requests from RADIUS clients Correct
default route
The network where the router sends all packets that don't match any other destinations in the routing table.
hop count
The number of routers a packet must go through to reach the destination network.
intranet tunnel
The tunnel created when a user logs on to the DirectAccess client
In the Point-to-Point-Tunneling Protocol, how are frames encrypted?
Using MPPE
What option can be used to create VPN connections that can be distributed to users' computers so that VPN clients do not have to be configured on each client station? a. VPN connection profiles b. VPN user connections c. site-to-site VPN d. VPN reconnect
VPN connection profiles
You want to configure a BranchCache server in hosted cache mode. What is the minimum OS version requirement to do so? a. Windows Server 2008 b. Windows Server 2003 SP3 c. Windows Server 2008 R2 d. Windows Server 2012
Windows Server 2008 R2
If a DirectAccess user has issues with their laptop or remote device, what can be enabled to facilitate help desk personnel get remote desktop access to the client? a. ISATAP b. Teredo c. 6to4 d. IPsec
a. ISATAP
What extension of NAT allows several hundred workstations to access the Internet with a single public Internet address? a. Port Address Translation b. Outside Network Address Translation c. Multiple Address Translation d. Network Address Translation
a. Port Address Translation
What VPN tunnel type was developed in cooperation with Cisco Systems and Microsoft, and uses Data Encryption Standard (DES) or Triple DES (3DES)? a. L2TP b. PPTP c. L2TP/IPsec d. SSTP
c. L2TP/IPsec
What specific authentication method has no encryption for user credentials or data, and is not recommended for most applications? a. MS-CHAP v2 b. IKEv2 c. PAP d. CHAP
c. PAP
When a router receives packets on an interface, which of the following occurs immediately? a. The router consults its MAC address table to determine where to send the packet b. The router consults its routing table to verify where the packet originated c. The router consults its routing table to determine where to send the packet d. The router consults its routing table to determine if the packet is valid
c. The router consults its routing table to determine where to send the packet
Which of the following is true about VPN? (choose all that apply) a. Point-to-Point Tunneling Protocol (PPTP) provides a higher level of security than L2TP/IPsec b. Allows publishing Web-based applications for use by clients outside the network c.VPNs use encryption and authentication to ensure communication is secure and legitimate d. Privacy is achieved by creating a tunnel between the VPN client and VPN server.
c.VPNs use encryption and authentication to ensure communication is secure and legitimate d. Privacy is achieved by creating a tunnel between the VPN client and VPN server.
When BranchCache is being utilized in an office and a client computer makes a subsequent request for a file, what will indicate to the client where the file can be retrieved from the cache in the branch office? a. original information b. content information c. encrypted file d. cached file
content information
Which service will allow a Windows server to be configured as a router to connect multiple subnets in a network or connect the network to the Internet? a. Certificate Services b. DirectAccess c. RADIUS d. Routing and Remote Access
d. Routing and Remote Access
What port is utilized for an inbound SSTP tunnel? a. TCP 500 b. UDP 1723 c. UDP 4500 c
d. TCP 443
In what order are policies processed in the Network Policy Server? a. Least restrictive policy first b. Bottom to top c. Most restrictive policy first d. Top to bottom
d. Top to bottom
When configuring the Network Access Permissions, what option checks the calling phone number attempting to create a remote connection with the phone number entered into a text box in a user account's properties? a. user access b. Deny access c. Control access list d. Verify Caller-ID
d. Verify Caller-ID
What is the process of requesting a certificate, having it approved, and downloading called? a. registration b. certifying c. enrollment d. validating
enrollment
When an internal and an external IP address exist for the same DNS name, how can administrators force DirectAccess clients to a specific IP address?
Use an NRPT exemption
