WinSvr Quiz: Module 09 Implement Network Connectivity
Which of the following is a service provided by the Remote Access server role? (Choose all that apply.) a. Network Address Translation b. Web Application Proxy c. Windows Server Update Services d. Internet Information Services
a. Network Address Translation b. Web Application Proxy The Remote Access server role provides Network Address Translation, Web Application Proxy, routing, VPN, and dial-up services.
When a connection request requires authentication from another domain controller and is sent to an NPS server acting as a RADIUS proxy, what specific part of the network policy determines which server the request is routed to? a. Realm b. PEAP c. Priority d. Weight
a. Realm If connection requests require authentication from another domain controller, they can be sent to an NPS server acting as a RADIUS proxy; the realm determines which server the request is routed to.
What criteria can a RADIUS proxy use to determine where to forward a request? (Choose three.) a. The priority assigned to the server b. The weight assigned to the server c. The availability of the server d. The IP address of the server
a. The priority assigned to the server b. The weight assigned to the server c. The availability of the server In a server group of two or more RADIUS servers, the load can be balanced based on the priority, weight, and availability of a server.
Which tunnel type needs to authenticate client and server computers with a preshared key or a digital certificate? a. PPTP b. SSTP c. L2TP/IPsec d. PPP
c. L2TP/IPsec L2TP/IPsec uses Data Encryption Standard (DES) or Triple DES (3DES), using encryption keys generated by the Internet Key Exchange (IKE) process. L2TP/IPsec requires certificates or preshared keys for authentication.
When all NPS policies on an NPS server are exported, what else is exported? a. The RADIUS accounting log b. Physical device names c. Shared secrets d. A list of client access devices
c. Shared secrets When exporting an NPS policy, the user is warned that shared secrets are exported.
To make a connection request policy apply to a wireless access point, the NAS type must be set to which of the following? a. Wireless access point b. 802.11 c. Unspecified d. None of these
c. Unspecified For a policy to apply to an 802.1X authenticating switch (for example, several types of Cisco switches can act as RADIUS clients) or a wireless access point, the NAS type must be Unspecified.
When you create a VPN connection on a client computer, what's the default tunnel type? a. SSTP b. PPTP c. Automatic d. L2TP/IPsec
c. Automatic The default tunnel type is automatic, which means the client will attempt to connect using each tunnel type until a connection is successful.
What do network policies specify? a. Which RADIUS servers handle connection requests from RADIUS clients b. Which users and groups can connect, what times they can access the network, and what conditions apply c. Both a and b d. None of these
c. Both a and b Network policies specify who can connect to the network and under what conditions. You use network connection policies to specify which RADIUS servers handle connection requests from RADIUS clients.
Which of the following is not an encryption setting you can choose when configuring network policies for VPNs? a. Basic b. Strong c. Clear text d. No encryption
c. Clear text The choices for configuring encryption in a network policy for VPN are Basic, Strong, Strongest, and No encryption. Clear text is not a valid choice.
Which authentication method should you choose if users authenticate with smart cards? a. MS-CHAP v2 b. PAP c. EAP d. RADIUS
c. EAP EAP is the default authentication method. It's the most flexible authentication method because it works with non-Windows clients, and third-party providers can develop custom authentication schemes. EAP is required for the use of smart cards and can be used for biometric authentication.
What type of topology is created when you implement Azure Virtual WAN? a. Hub and spoke b. Partial mesh c. Extended star d. Point-to-point
a. Hub and spoke Azure Virtual WAN creates a hub and spoke topology in which all connected networks go through the Virtual WAN hub.
The Network Access Permission attribute for a user account is set to which of the following by default? a. Control access through NPS Network Policy b. Allow access c. Deny access d. Control access through Group Policy
a. Control access through NPS Network Policy The user account property Network Access Permission can be set to Allow, Deny, or Control access through NPS Network Policy. The latter is the default setting.
What formats does RADIUS accounting write to? (Choose three.) a. Event log b. SQL Server c. RADIUS accounting format d. Text file
a. Event log b. SQL Server d. Text file NPS logs requests and responses by using event logs, a local text file, or a Microsoft SQL Server XML-compliant database.
Which of the following can function as a RADIUS client? (Choose three.) a. A VPN server b. An unmanaged switch c. A wireless access point d. A dial-in server
a. A VPN server c. A wireless access point d. A dial-in server A VPN server, wireless access point, or dial-in server can function as a RADIUS client. An unmanaged switch has no capability to configure RADIUS authentication because it requires no authentication.
Which of the following is a possible response from an NPS server when evaluating an Access-Request message? (Choose all that apply.) a. Access-Reject b. Access-Deny c. Access-Accept d. Access-Challenge
a. Access-Reject c. Access-Accept d. Access-Challenge The three types of NPS server response messages are Access-Reject, Access-Accept, and Access-Challenge. Access-Deny is not a valid NPS response message.
Which of the following are options for configuring NPS? (Choose two.) a. As a RADIUS server b. As a RADIUS client c. As a RADIUS proxy d. As both a RADIUS client and server
a. As a RADIUS server c. As a RADIUS proxy After NPS is installed, you can configure the server to be a RADIUS server, RADIUS proxy, or both.
Which of the following is not an NPS template type? a. Certificates b. Shared secrets c. RADIUS clients d. Remote RADIUS servers
a. Certificates There are four NPS template types: shared secrets, RADIUS clients, remote RADIUS servers, and IP filters.
What do connection request policies specify? a. Which RADIUS servers handle connection requests from RADIUS clients b. Which users and groups can connect, what times they can access the network, and what conditions apply c. Both a and b d. None of these
a. Which RADIUS servers handle connection requests from RADIUS clients Connection request policies are used to specify which RADIUS servers perform authentication and authorization of RADIUS clients' connection requests. These policies can also specify which servers RADIUS accounting requests are sent to.
When a certificate is used for authentication, the certification authority (CA) must be trusted by the client or server. To be trusted, the CA must have which of the following in the Trusted Root Certification Authorities certificate store? a. Trusted CA b. CA certificate c. Client certificate d. Authenticated certificate
b. CA certificate For a certificate to be used for authentication, the CA must be trusted by the client or server. To be trusted, the CA must have a root certificate (also called the "CA certificate") in the Trusted Root Certification Authorities certificate store.
Remote access is denied to users by default. Which of the following can you do to allow users to connect via remote access? (Choose two.) a. Configure settings in the Routing and Remote Access console. b. Configure dial-in settings in user accounts. c. Configure a network policy in the Network Policy Server console. d. Set up a VPN.
b. Configure dial-in settings in user accounts. c. Configure a network policy in the Network Policy Server console. Remote access can be controlled by configuring the dial-in settings in a user's account properties or by configuring a network policy in the Network Policy Server console.
You are configuring network policies. After you have configured your RADIUS servers and clients, which specific policy will allow you to specify attributes for how the access client is connecting to the network? a. Day and time restrictions b. Connection properties c. RADIUS client properties d. Gateway properties
b. Connection properties Connection properties specify attributes for how the access client is connecting to the network. This condition compares attributes such as the access client's IP address (not the RADIUS client's IP address), the authentication method being used, the framing protocol (for example, PPP), the service being used (such as Telnet or PPTP), and the tunnel type (PPTP or L2TP).
Which feature must be enabled on an on-premises server that will act as a virtual appliance in an Azure extended network configuration? a. Azure Network Adapter b. Nested virtualization c. Routing and Remote Access d. VPN client
b. Nested virtualization You must create a Windows Server Azure Edition VM with Hyper-V configured for nested virtualization (running a hypervisor inside a hypervisor). This is the Azure virtual appliance in the extended network configuration.
What should you configure if you want only users who are members of particular groups to be able to connect to the VPN? a. Connection request policy b. Network policy c. Remote authentication rule d. Network access rule
b. Network policy The groups a user belongs to can control VPN access based on the network policy's access permission setting. With user groups and IP filters, you can create policies that restrict users to using specific protocols and specific servers.
Which VPN tunnel type requires the firewall to allow TCP port 443? a. PPTP b. SSTP c. L2TP/IPsec d. PPP
b. SSTP The Secure Socket Tunneling Protocol uses digital certificates for authentication and encryption key exchange. By default, it uses the same port as HTTPS: port 443.
Which of the following needs to be configured on the firewall to allow PPTP VPN connections? (Choose two.) a. UDP port 4500 b. TCP port 1723 c. IP protocol ID 50 d. IP protocol ID 47
b. TCP port 1723 d. IP protocol ID 47 PPTP tunnels use TCP port 1723 for PPTP maintenance traffic from VPN client to server. IP protocol ID 47 is for GRE traffic, which tunnels data transfers from VPN client to server. Both inbound and outbound firewall rules must be configured.
Which of the following is an authentication type for EAP and is a cryptographic protocol used to encrypt network messages? a. System Extensible Protocol b. Transport Layer Security c. Protected Extensible Authentication Protocol d. Password Authentication Protocol
b. Transport Layer Security The authentication type for EAP is Transport Layer Security (TLS), which is a cryptographic protocol used to encrypt network messages. TLS provides privacy (data encryption), data integrity (which detects unauthorized changes in the data), and authentication.
Which of the following are required to use Azure Network Adapter to connect an on-premises server to a VM running in Azure? (Choose two.) a. VNet peering b. Windows Admin Center c. An Azure VNet d. Nested virtualization
b. Windows Admin Center c. An Azure VNet To create an Azure network adapter, the following prerequisites must be in place: An Azure VNet exists to which the on-premises server will connect. There are network resources on the VNet that can be accessed by the on-premises server. Windows Admin Center (WAC) must be installed in your on-premises network. WAC must be connected to Azure.
Which of the following are requirements for configuring the Web Application Proxy role service on Windows Server? (Choose two.) a. The database must be hosted by an external SQL server. b. You must have a functioning AD FS deployment on the network. c. Two NICs are needed: one NIC for the Internet and the other connected to the private network. d. The Web Application Proxy must be installed on a standalone server.
b. You must have a functioning AD FS deployment on the network. c. Two NICs are needed: one NIC for the Internet and the other connected to the private network. You must have a functioning AD FS deployment and a server with at least two NICs. In addition, you need a certificate in the Personal certificate store issued by a CA. An external SQL server is optional but not required, and the Web Application Proxy server does not need to be installed on a standalone server.
Which remote access configuration option should you choose if you want mobile users to be able to make a secure connection to the main network and allow computers on the private network to access the Internet with a public IP address? a. Remote access (dial-up or VPN) b. Network Address Translation c. VPN access and NAT d. Secure connection between two private networks
c. VPN access and NAT VPN allows a secure connection for mobile users to the organization's network, while Network Address Translation (NAT) is required to allow devices with private IP addresses to access the Internet.
When a RADIUS server receives a RADIUS Access-Request message from a RADIUS client, which of the following are checked against the connection request policy's conditions? a. Client's permissions b. RADIUS server's attributes c. Group policies d. Client's attributes
d. Client's attributes When a RADIUS server receives a RADIUS Access-Request message from a RADIUS client, the client's attributes are checked against the connection request policy's conditions. The attributes in the Access-Request message must match at least one of the conditions in the policy before the NPS server acts as a RADIUS server or RADIUS proxy.
Which VPN tunnel type uses an Internet Key Exchange? a. PPP b. PPTP c. SSTP d. L2TP/IPsec
d. L2TP/IPsec L2TP/IPsec uses Data Encryption Standard (DES) or Triple DES (3DES), using encryption keys generated by the Internet Key Exchange (IKE) process.
What client authentication method can PEAP use? a. Passwords b. Certificates c. Biometrics d. None of these methods
d. None of these methods Selecting PEAP as the authentication method doesn't involve using a client certificate; instead, it uses MS-CHAP v2 for client authentication. However, PEAP can be configured to require a server certificate. This method protects clients from connecting to a server that's pretending to be the server they want to connect to; also, PEAP encrypts the information it's passing.
Which of the following NPS template types can specify a reusable password for validating a connection between RADIUS servers and proxies and NAS servers? a. System health agent b. NPS agent c. System health validator d. Shared secrets
d. Shared secrets The Shared Secrets template specifies a reusable password for validating a connection between RADIUS servers and proxies and NAS servers.
RADIUS proxies distribute requests equally between servers when which of the following is true? a. The load balancing attribute is set. b. The servers have the same priority. c. Each server has a different weight. d. The servers have the same weight and priority.
d. The servers have the same weight and priority. To distribute the load between two servers evenly, you could assign each a priority of 1 and a weight of 50 so that each server gets 50 percent of the connection requests. Setting just the priority doesn't result in load balancing because the lowest-priority server continues getting requests unless it becomes unavailable. However, a priority of 1 can be assigned to multiple servers, and the Weight setting can be used to force load balancing.
What do you use to connect VNets that are in the same region or different regions? a. Azure Network Adapter b. Azure Routing and Remote Access c. Azure Relay d. Virtual network peering
d. Virtual network peering Virtual network peering is an Azure technology that allows you to connect VNets and enable their resources to communicate with one another.
