NEST208
After authorizing a new DHCP server, what must you do to ensure that the DHCP server can release IP addresses to the clients on the network? a. Create a scope b. Create a reservation c. Create Server Options d. Create a filter e. Create a policy
a
After creating a scope with the DHCP Options, what is the next immediate action that you must perform so that the clients can obtain the IP addresses? a. activate the scope b. activate the server options c. restart the DHCP service d. create a reservation
a
How long through the lease period does the client first send a renewal request ? a. 50% b. 60% c. 75% d. 90%
a
If you disable the option to use root hints when no forwarders are available, what are you doing? a. Disabling recursion b. Locking the cache c. Enabling the socket pool d. Configuring the netmask
a
Which of the following best describes DNS? (Choose all that apply.) a. Hierarchical database b. Flat database c. Monolithic database d. Distributed database
a, d
What are some of the key factors that DNS policies that define how a DNS responds to DNS queries? [Choose all that apply.] a. Transport protocol b. Server type c. Number of queries d. Subnet e. Time of day f. Clients type
a, d, e
Which of the following types of attack is the DNS server being protected from by using the random port number from a Socket Pool? a. DNS Tunneling b. Cache Poisoning c. TCP SYN Flood d. DNS Hijacking
b
Which protocol is responsible for resolving a server's name to its IP address? a ARP b DNS c DHCP d IPv4
b
Which of the following accurately represents an FQDN? a. host.top-level-domain.subdomain.domain b. domain.host.top-level-domain c. host.subdomain.domain.top-level-domain d. host.domain.top-level-domain.subdomain
c
Which of the following protects against DNS cache poisoning by enabling a DNS server to randomize the source port when performing DNS queries? a. Cache locking b. Data integrity c. Socket pool d. Zone signing
c
Which of the following records is returned when the requested resource record doesn't exist and are is used to fulfill the authenticated denial of existence security feature of DNSSEC? a. DNSKEY b. zone-signing key c. Next Secure d. Delegation Signer
c
You have a DHCP server set up on your network and no DHCP relay agents. You're capturing DHCP packets with a protocol analyzer and see a broadcast packet with UDP source port 68 and UDP destination port 67. Which of the following DHCP message types can the packet be? a. A DHCPREQUEST to renew an IP address lease b. A DHCPACK to acknowledge an IP address lease request c. A DHCPDISCOVER to request an IP address d. A DHCPOFFER to offer an IP address lease
c
You have a DNS server running Windows Server 2016 named DNS1 that contains a primary zone named csmtech.local. You have discovered a static A record for a the server name DB1 in the zone, but you know that DB1 was taken offline several months ago. Aging and scavenging are enabled on the server and the zone. What should you do first to ensure that stale static records are removed from the zone? a. Change the default TTL on static records b. Configure the "Expires after" value in the SOA c. Enable the Advanced View setting in DNS Manager d. Change the "No-refresh interval" timer to a lower number
c
You have just finished setting up your DNS infrastructure, and the DNS process seems to be working well. You want to be able to create a baseline of performance data so that if slowdowns occur later, you have information for comparison purposes. Which tool should you use? a. dnscmd.exe b. Debug logging c. Performance Monitor d. Event logging
c
You have seven DNS servers that hold an Active Directory-integrated zone named csmpub.local. Three of the DNS servers are in the Chicago site, which is connected to three other sites through a WAN link with limited bandwidth. Only users in the Chicago site need access to resources in the csmpub.local zone. Where should you store the csmpub.local zone? a. DomainDNSZones partition b. ForestDNSZones partition c. Custom application partition d. csmpub.local.dns
c
You have a zone containing two A records for the same hostname, but each A record has a different IP address configured. The host records point to two servers hosting a high-traffic Web site, and you want the servers to share the load. After some testing, you find that you're always accessing the same Web server, so load sharing isn't occurring. What can you do to solve the problem? a. Enable the load sharing option on the zone b. Enable the round robin option on both A records c. Enable the load sharing option on both A records d. Enable the round robin option on the server
d
In a new failover relationship in the Load Balancing mode, what is the default load split between both servers? a. Local - 70, Partner - 30 b. Local - 80, Partner - 20 c. Local - 60, Partner - 40 d. Local - 50, Partner - 50
d
What is the term for a scope composed of multicast addresses intended to be used on a private network? a. Superscope b. Multicast scope c. Private scope d. Administrative scope
d
What scope options can stop an address from being given to a specified MAC address? a. DHCPDECLINE b. MAC screening c. Policies d. Deny filter
d
Which dynamic update configuration is available only for Active Directory-integrated zones? a. manual entry only b. non-secure and secure c. non-secure only d. secure only
d
Which is a DNS server to which other DNS servers and requests targeted for a specific domain? a. Authoritative server b. Domain forwarder c. Caching-only server d. Conditional forwarder
d
Which of the following uses digital signatures contained in DNSSEC-related resource records to verify DNS responses? a. Socket pool b. Data integrity c. Cache locking d. Zone signing
d
Which record, found in every zone, contains information that identifies the server primarily responsible for the zone? a. Host record b. Canonical Name record c. Service location record d. Start of authority record
d
Which type of attack is prevented by enabling the DNS Cache Locking feature? a. TCP SYN Flood b. DNS Tunneling c. DNS Hijacking d. Cache poisoning
d
You have configured your computers with static IP addresses but want them to get the DNS server and default gateway settings via DHCP. What type of DHCP message do you see as a result? a. DHCPREQUEST b. DHCPRELEASE c. DHCPNAK d. DHCPINFORM
d
You have decided that you need to change the setting of an existing DNS forwarder. Which of the following PowerShell cmdlets will allow you to accomplish this task? a. Add-DnsServerForwarder b. Import-DnsServerForwarder c. Set-DnsServerRecursion d. Set-DnsServerForwarder
d
You have decided to create multiple zone scopes to configure your DNS server to respond to clients based on whether the client is on your internal network or an external network. What specific configuration can you use to implement this policy? a. Query filters b. Subnet-based DNS c. Selected DNS d. Split-brain DNS
d
You have noticed that your server's DNS cache locking value is configured to 100. What effect does this have on the DNS server's cached data? a. All data will be completely overwritten. b. All data will be overwritten after it is cached. c. The data will be partially overwritten. d. The data cannot be overwritten.
d
You need to create a resource record for a public-facing Web server in the DNS server. Which of the following type of resource record should you create? a. A b. AAAA c. MX d. CNAME
d
You want to create a security key and update it all DNS servers to enable validation. What is the first step that you should perform? a. Uninstall the key from all domain controllers b. Delete the existing key from other servers c. Restart the domain controller holding the key d. Unsign the zone holding the key
d
For you to set up a Windows Server 2016 system as a VPN server, how many network adapters would be required? a. 2 b. 1 c. 6 d. 3 e. 4 f. 5
a
Which of the following is an authentication type for EAP and is a cryptographic protocol used to encrypt network messages? a. Transport Layer Security b. System Extensible Protocol c. Protected Extensible Authentication Protocol d. Password Authentication Protocol
a
Which authentication method should you choose if users authenticate with smart cards? a. EAP b. RADIUS c. MS-CHAPv2 d. PAP
a
Which feature of the Windows file system allows users to see only files and folders to which they have been given at least read permission? a. access-based enumeration b. user rights listing c. policy directory listing d. permission-based file listing
a
Which of the following is not part of a DHCPv6 scope configuration? a. Default gateway b. Prefix c. Preference d. Scope lease
a
Which of the following ordering methods lists servers in the same Active Directory site as the client first and does not ignore a site's cost? a. Lowest cost, selecting the closest server first. b. No default; you must choose an ordering method during initial configuration. c. The order in which the target servers were defined. d. Random order to ensure load balancing.
a
Which of the following routing protocols would you choose when using dynamic routing with IPv6? a. BGP b. IS-IS c. RIPv2 d. IGRP
a
Which of the following terms best describes a server's ability to recover from a network hardware failure because additional network hardware can immediately take over when a device has malfunctioned? a. Failover b. RSS c. Load balancing d. QoS
a
Which report should you generate to know the efficiency of the DFS replication? a. Health b. Replication c. Propagation d. Propagation Test
a
Which tunnel type needs to authenticate client and server computers with a preshared key or a digital certificate? a. L2TP/IPsec b. PPP c. PPTP d. SSTP
a
Which version of Windows Server first introduced BranchCache? a. Windows Server 2008 R2 b. Windows Server 2012 c. Windows Server 2008 d. Windows Server 2016
a
Which of the following IP addresses will be delivered to all the computers on the local network? a) 10.1.240.255/24 b) 175.16.1.1/16 c) 10.1.254.255/16 d) 10.255.150.255/8
a
Which of the following does a router do if it receives a packet for a destination network that's not in its routing table and no default route is configured? a. Discards the packet b. Sends a route query to the next router c. Returns the packet to the sender d. Broadcasts the packet
a
Which of the following can function as a RADIUS client? (Choose all that apply.) a. A VPN server b. An unmanaged switch c. A wireless access point d. A dial-in server
a, c, d
Which of the following key technologies, virtual or physical, are most likely to be centrally managed when using software-defined networking? (Choose all that apply.) a. Router b. Networked power supply c. Access gateway d. Switch
a, c, d
Scavenging must be enabled in which two places to take effect? a. domain controller and dns server b. dns server and active directory c. dns server and zones d. dns server and delegated servers
c
Which is the correct order in which a DNS client tries to resolve a name? a. Cache, DNS server, Hosts file b. Hosts file, cache, DNS server c. Cache, Hosts file, DNS server d. DNS server, cache, Hosts file
c
NIC teaming allows multiple network interfaces to work in tandem to provide increased bandwith, load balancing and fault tolerance. You can create a NIC team with a single network interface, but most of the utility of a NIC team comes from having more than one NIC in the team. Windows Server 2016 supports VM NIC teams with up to __________ members.
2
Default socket pool size of Windows Server 2016 DNS?
2500
Which type of zone can redirect the DNS client to the authoritative DNS server that has authority for resolving hostnames for the given DNS zone? a. Stub zone b. Secondary zone c. Primary zone d. Any of the mentioned choices
NOT C, d?
QoS policies are created using the ________ cmdlet.
New-NetQosPolicy
A subnet on your network uses DHCP for address assignment. The current scope has start address 192.168.1.1 and an end address of 192.168.1.200 with the subnet mask 255.255.255.0. Because of network expansion, you have added computers, bringing the total number that need DHCP for address assignment to 300. You don't want to change the IP addressing scheme or the subnet mask for computers already on the network. What should you do? a. Create a new scope with start address 192.168.2.1 and end address 192.168.2.200 with prefix length 24 and add the existing scope and new scope to a superscope. b. Add a scope with start address 192.168.1.1 and end address 192.168.2.200 with the subnet mask 255.255.255.0. Then delete the existing scope. c. Create a new scope with start address 192.168.1.1, end address 192.168.2.200, and prefix length 16. d. Add another DHCP server. Using the split scope wizard, split the existing scope with the new server and assign each server 100% of the addresses.
a
After setting up a VPN connection on a Windows 10 system, which of the following command will help you verify the VPN connection details? a. Get-VpnConnection b. Show-VpnConnection c. Set-VpnConnection d. Display-VpnConnection
a
Folders added to a namespace can be described as which of the following? a. Pointers to existing shared folders b. Copies of existing folders that are initially empty c. Copied to a staging area automatically d. Copies of existing folders
a
In DFS, what are the differences between Windows Server 2008 mode and Windows Server 2000 mode? a. Server 2008 mode supports 50,000 folders and access-based enumeration, and Server 2000 mode supports 5000 folders. b. Nothing a user can see. c. Server 2008 mode supports 15,000 folders and access-based enumeration, and Server 2000 mode supports 5000 folders. d. Server 2008 mode supports 75,000 folders, and Server 2000 mode supports 10,000 folders.
a
What do connection request policies specify? a. Which RADIUS servers handle connection requests from RADIUS clients b. Which users and groups can connect, what times they can access the network, and what conditions apply c. a and b d. None of the above
a
What do network policies specify? a. Which users and groups can connect, what times they can access the network, and what conditions apply b. Which RADIUS servers handle connection requests from RADIUS clients c. a and b d. None of the above
a
What feature allows you to create VPN connections that can be distributed to users' computers so that VPN clients do not have to be configured on each client station? a. VPN connection profiles b. VPN reconnect policies c. NPS Network Policy d. RA User Properties
a
What is the largest number of namespace servers recommended in a domain? a. 16 b. 32 c. 48 d. 64
a
What is the metric used by the dynamic routing protocol you configure in Routing and Remote Access? a. Hop count b. Least cost c. Ping time d. Bandwidth
a
What specific technology is included in SMB 3.0 that operates automatically and provides fault tolerance to improve performance in a connection between a client and a server providing an SMB share? a. SMB multichannel b. SR-IOV c. SMB Connect d. SMB Direct
a
What technology can be implemented to allow you the ability to configure priorities for different types of network traffic so that delay-sensitive data is prioritized over regular data? a. Quality of Service b. DCB Exchange c. SET d. LACP
a
What template type would you use to specify a reusable password to validate connections between RADIUS servers and NAS? a. shared secrets b. RADIUS clients c. remote RADIUS servers d. IP filters
a
When a connection request requires authentication from another domain controller and is sent to an NPS server acting as a RADIUS proxy, what specific part of the network policy determines the server to which the request is routed? a. Realm b. Weight c. PEAP d. Priority
a
When a vNIC's performance is increased by delivering packets from the external network directly to the vNIC, bypassing the management operating system, what specific technology is being used? a. Virtual machine queue b. Quality of Service c. NIC acceleration d. Receive side scaling
a
When configuring a DFS namespace, which mode provides increased scalability and access-based enumeration? a. Windows Server 2008 mode b. Windows Server 2016 mode c. Windows Server 2012 mode d. The stand-alone mode in a clustered environment
a
When configuring network policies, after you have configured your RADIUS servers and clients, which specific policy allows you to specify attributes for how the access client is connecting to the network? a. Connection properties b. Day and time restrictions c. Gateway properties d. RADIUS client properties
a
When should share permissions be set? a. Before DFS configuration. b. Never; DFS handles all permissions. c. During DFS configuration. d. After DFS configuration is finished.
a
When using IPAM, it is critical for a system administrator to understand how IPAM views the IP address space. Which of the following units best represents an IP space that consists of one or more IP address ranges that are logically grouped by some criteria? a. IP address range group b. Unmapped address space c. IP address block d. IP address range
a
When using an SSTP protocol, which of the property of the VPN server should you know? a. VPN server name b. Type of VPN server c. Domain name d. VPN server IP address
a
Where are changed files cached until replication is finished? a. The Staging folder for the folder being replicated b. No caching is done c. The Staging folder on the target server d. Caching folders in the C:\DFScache folder on the namespace server
a
Which DirectAccess IPv6 transition technology uses Secure Sockets Layer over port 443? a. IP-HTTPS b. Teredo c. ISATAP d. 6to4
a
Which IPAM administration delegation group allows its members only to monitor and manage IPAM tasks? a. IPAM MSM Administrators b. IPAM ASM Administrators c. IPAM Audit Administrators d. IPAM TSK Administrators
a
Which VPN tunnel type requires the firewall to allow TCP port 443? a. SSTP b. PPTP c. PPP d. L2TP/IPsec
a
You are in the process of setting up a virtual machine with multiple cores and wish to reduce the overhead in getting packets from the physical network to your virtual machine. What Windows Server 2016 feature can be implemented to allow you to utilize more than one queue on the host adapter with each queue having a vCPU core to process data? a. Virtual machine multi-queue b. Virtual machine queue c. Data center bridging d. SMB multichannel
a
You have a DHCP server with two NICs: NIC1 and NIC2. NIC1 is connected to a subnet with computers that use DHCP for address assignment. NIC2 is connected to the data center subnet where all computers should use static addressing. You want to prevent the DHCP server from listening for DHCP packets on NIC2. What should you do? a. Configure bindings. b. Disable the scope. c. Create a filter for NIC2. d. Configure failover.
a
You have been assigned the task of installing the IPAM feature on a Windows client computer running Windows 10. What specific set of tools should you acquire from the Microsoft Download Center to facilitate this task? a. Remote Server Administration b. IPAM Manager c. Remote Administration Console d. IPAM client
a
You have four printers that are accessed via their IP addresses. You want to be able to use DHCP to assign addresses to the printers, but you want to make sure they always have the same address. What's the best option? a. Create reservations. b. Create exclusions. c. Configure filters. d. Configure policies.
a
You have just finished the Add Roles and Features Wizard and clicked the IPAM node in Server Manager. The IPAM Server Tasks window indicates that you're connected to the IPAM server. What should you do next? a. Provision the IPAM server. b. Configure server discovery. c. Start server discovery. d. Select servers to manage.
a
You have recently installed the IPAM Server feature on a server running Windows Server 2016. You chose manual provisioning during installation. You have 15 servers to be managed by IPAM and have decided that the manual provisioning tasks are too much work. You want to use Group Policy provisioning instead. What should you do? a. Uninstall IPAM and reinstall it, making sure to select Group Policy provisioning in the "Provision the IPAM server" step. b. Create a GPO, configure the IPAM-Provisioning setting, and link the GPO to an OU containing the IPAM server account. c. Run the Invoke-IpamGpoProvisioning -GroupPolicy PowerShell cmdlet. d. Delete any GPOs you have created. In the Overview window of the IPAM console, enable Group Policy provisioning.
a
You recently configured IPAM in your Windows Server 2016 domain. When you view the Server Inventory window, you notice that one DHCP server isn't displayed. This missing server runs Windows Server 2012 R2 in a workgroup configuration and is located in the Engineering Department. Which of the following actions is most likely to display the missing server in the Server Inventory window? a. Join the server to the domain. b. Upgrade the server to Windows Server 2016. c. Uninstall DHCP from the server. d. Configure the server's firewall.
a
You want all computers in the Management Department to use a default gateway that's different from computers in other departments. All departments are on the same subnet. What should you do first on the server? a. Create a User Class. b. Create a new scope. c. Create an allow filter. d. Create a Vendor Class.
a
Your organization has decided to expand its infrastructure using a cloud provider's IaaS offerings. What Windows Server 2016 technology will allow your organization to move a share of its private cloud infrastructure to the cloud provider's network while maintaining the current subnet infrastructure? a. Hyper-V Network Virtualization b. Software Defined Networking c. VSID d. Virtual Extensible LAN
a
If the DNS resolver queries are signed by DNSSEC, which of the following is achieved? [Choose all that apply.] a. Integrity b. Authenticity c. Confidentiality d. Accountability
a, b
What client authentication method can PEAP use? (Choose all that apply.) a. Passwords b. Certificates c. Biometrics d. None of the above
a, b
When determining access which NPS policies define who, how and when RADIUS client connections are granted? (Pick 2) a. connection request b. network c. encryption d. RADIUS clients e. NPS advanced f. all are correct
a, b
Which of the following are criteria you can use with conditions in DHCP policies? (Choose all that apply.) a. Vendor Class b. MAC address c. OS version d. SSID
a, b
Which of the following are services provided by the Remote Access server role? (Choose all that apply.) a. Network Address Translation b. Web Application Proxy c. Windows Server Update Services d. Internet Information Services
a, b
What criteria can a RADIUS proxy use to determine where to forward a request? (Choose all that apply.) a. The priority assigned the server b. The weight assigned the server c. The availability of the server d. The IP address of the server
a, b, c
Which of the following are benefits of using a PKI instead of self-signed certificates when configuring DirectAccess? (Choose all that apply.) a. Better security b. Support for multisite configurations c. Two-factor authentication support d. Simpler DirectAccess client deployment
a, b, c
To what formats does RADIUS accounting write? (Choose all that apply.) a. Event log b. SQL Server c. RADIUS accounting format d. Text file
a, b, d
When troubleshooting your BranchCache configurations, what specific commands will allow you to verify that all your clients are using the same caching mode, caching is enabled, and the cache is not full? (Choose all that apply.) a. Get-BCStatus b. Get-BCDataCache c. Show-BCDataCache d. netsh branchcache show status all
a, b, d
When utilizing the Windows Server 2016 distributed firewall policies, which of the following features are provided? (Choose all that apply.) a. Firewall solution for multitenant virtual networks b. VMs moved among Hyper-V hosts without reconfiguring the firewall c. Operating system dependent protection of VMs d. A scalable software-based firewall solution
a, b, d
Which of the following are required elements of a DHCP scope? (Choose all that apply.) a. Subnet mask b. Scope name c. Router address d. Lease duration
a, b, d
Which of the following is true for Network Policy Server (NPS)? [Choose all that apply.] a. Counts the number of minutes a dial-in user spends in a remote session b. Provides authentication of dial-in VPN users c. Ensure confidentiality of the data available on the network d. Provides authorization for access to network resources e. Ensures integrity of the data being access
a, b, d
Which of the following roles or protocols can benefit from using the BranchCache role service? (Choose all that apply.) a. File Server b. Web Server c. Network File System d. BITS
a, b, d
You have decided to use Microsoft SQL Server for your IPAM database. When you are provisioning IPAM, what information will you need to provide after selecting the Microsoft SQL Server option for your IPAM database? (Choose all that apply.) a. Port number b. Database name c. SQL Server IP address d. SQL Server name
a, b, d
What features and advantages are added when you choose to utilize SDN in a datacenter or enterprise network? (Choose all that apply.) a. Enhance network performance b. Define traffic flows between virtual c. and physical networks d. Increase network management costs e. Enhance network security
a, b, e
To make the VPN client successfully connect to the VPN server, which of the following should you do on the client system? [Choose all that apply.] a. Download the delta CRLs to the client's local certificate store b. Enable a firewall exception in the Windows Firewall c. Download the base CRLs to the client's local certificate store d. Configure the network adapter to accept dynamic IP address
a, c
Which authentication methods does NPS use? (Choose all that apply.) a. Passwords b. Smart cards c. Certificates d. Biometrics
a, c
You are currently reviewing the capabilities of Switch Embedded Teaming (SET) available in Windows Server 2016. You have decided to implement SET into your current system. Which of the following requirements must be met to utilize SET in your network? (Choose all that apply.) a. Switch independent mode must be the teaming mode utilized b. SET must use receive side scaling (RSS) c. SET requires all NICs to be identical and operate at the same speed d. You must use only physical servers connected to the physical network
a, c
The Distributed File System role service provides which of the following? (Choose all that apply.) a. Access to files across the network b. Replacement for regular backups c. Copies of files created automatically for redundancy d. Fault-tolerant access to files
a, c, d
What specific options are available to a system administrator to monitor IP address space utilization? (Choose all that apply.) a. IP address block b. IP address type c. IP address subnet d. IP address range
a, c, d
Which of the following are possible responses from an NPS server when evaluating an Access-Request message? (Choose all that apply.) a. Access-Reject b. Access-Deny c. Access-Accept d. Access-Challenge
a, c, d
If you configure Internal virtual networks on a Hyper-V server, which type of virtual machine communication will be allowed? a. Between virtual machines and the management operating system b. Virtual machines with access to a physical network c. Communication with externally located servers and clients d. Between virtual machines on the same virtualization server
a, d
After setting up a connection, when you can view the details of the connection set up between a VPN client and a VPN server, which of the following details are you likely to see? a. IP address of the server b. All of the mentioned choices c. Current status of the connection d. Authentication method e. Tunnel type used f. Name of the connection
b
By default, the network access permission for a new user is set to what? a. Allow access b. Deny access c. Control access through NPS network policyu d. Control access with Active Directory
b
DFS allow you to group shares from different servers into a single logical share called what? a. grouped share b. namespace c. distributed share d. replication
b
Data Center Bridging was designed specifically to prevent delays in delivery of data in iSCSI applications and create what is known as a lossless environment, meaning a network environment in which data delivery is guaranteed without undue delays. DCB improves performance in iSCSI deployments in several ways. Which of the below is NOT one of those ways? a. Quality of Service b. Ability to use up to 32 NICs in a team c. Deterministic performance d. DCB exchange
b
How can the referral order be customized? a. Put in nonexistent targets, forcing the system to follow your custom order. b. Use the Override Referral Ordering option. c. Exclude targets in the client's site. d. There's no way to customize the referral order.
b
If you need to enable NIC teaming on a server, which of the following minimum version of Windows Server must you have? a. Windows Server 2012 b. Windows Server 2012 R2 c. Windows Server 2016 d. Windows Server 2008
b
In the IPAM view of the IP address space, which unit is a pool of continuous addresses in an IP address block and usually corresponds to a DHCP scope? a. IP address block b. IP address range c. IP address range group d. Unmapped address space
b
On a Windows Server 2016, you have configured a VPN server and enabled appropriate firewall rules. You need to assign permissions to several users to allow access to the VPN server. Which of the following snap-in should you use? a. Active Directory Sites and Services b. Active Directory Users and Computers c. Routing and Remote Access Server d. Active Directory Domains and Trusts
b
RADIUS proxies distribute requests equally between servers when which of the following is true? a. Each server has a different weight. b. The servers have the same weight. c. The load balancing attribute is set. d. The servers have the same priority.
b
SDN utilizes three main network planes that define the functions of a network device. Which of the following is not an SDN plane? a. Management b. Hardware c. Control d. Data
b
To make a connection request policy apply to a wireless access point, the NAS type must be set to which of the following? a. Wireless access point b. Unspecified c. 802.11 d. None of the above
b
Virtual machine queue (VMQ) accelerates vNIC performance. What is the most significant factor affecting that improved performance? a. A dedicated queue is created for the vNIC on the physical NIC b. It allows bypassing the management operation system c. Packets are placed in a common queue and distributed to the destination vNIC d. The common queue is serviced by a single CPU core
b
What do you configure if you need to assign addresses dynamically to applications or services that need a class D IP address? a. IPv6 relay b. Multicast scope c. Dynamic scope d. Autoconfiguration
b
What do you configure in Routing and Remote Access that specifies the server should send its routing table to its neighbors? a. Static routing b. RIPv2 c. Default route d. L2TP
b
What does the acronym IPAM denote? a. Internet Ports Address Management b. Internet Protocol Address Management c. Intranet Protocol Address Management d. Internet Postal Address Management
b
What feature is designed for network drivers and used to efficiently distribute the processing of incoming network traffic among multiple CPU cores? a. Virtual machine queue b. Receive side scaling c. QoS traffic classes d. DCB Exchange
b
What is the default naming convention for the Network Policy Server (NPS) log file, which is stored in the c:\Windows\System32\LogFiles folder? a. INyyyymmdd b. INyymmdd c. INddmmyyyy d. INddmmyy e. INmmddyy
b
What is the maximum size of a shared secret? a. 256 characters b. 128 characters c. 32 characters d. 64 characters
b
What must you do to ensure that the Windows 10 client will not use the offline file cache? a. Reduce the Recycle Bin storage capacity b. Clear the offline file cache c. Disconnect the system from the network d. Delete the hidden offline partition
b
What should you configure if you want only users who are members of particular groups to be able to connect to the VPN? a. Network Access Rule b. Network Policy c. Remote Authentication Rule d. Connection Request Policy
b
What should you define in a scope to prevent the DHCP server from leasing addresses that are already assigned to devices statically? a. Reservation scope b. Exclusion range c. Deny filters d. DHCP policy
b
What specific type of Windows Server 2016 configuration allows a cloud service provider to use a virtual machine configured as a gateway to route multiple tenants using the same physical network? a. RADIUS Server b. Windows Server Gateway c. Cloud Services Gateway d. Hybrid Gateway
b
When a certificate is used for authentication, the certification authority must be trusted by the client or server. To be trusted, it must have which of the following in the Trusted Root Certification Authorities certificate store? a. Authenticated certificate b. CA certificate c. Trusted CA d. Client certificate
b
When using Windows Server 2106, you can manage DHCP and DNS servers across multiple domains. However, what specific type of relationship must exist between all forests that you wish to manage? a. One-way outgoing trust b. Two-way trust c. One-way incoming trust d. Two-way limited trust
b
Which VPN tunnel type uses an Internet Key Exchange? a. PPP b. L2TP/IPsec c. PPTP d. SSTP
b
Which command should you execute to view the status of BranchCache on the client? a. branchcache show status all b. netsh branchcache show status all c. Get-branchcache show status all d. show branchcache show status all
b
Which of the following is NOT a NIC Teaming Mode? a. Switch Independent b. Address Hash c. Static Teaming d. Link Aggregation Control Pro
b
Which of the following is a standard tunneling protocol, operating over UDP port 4789, that permits communication within virtual networks and between virtual networks and the physical network? a. RDID b. VXLAN c. VSID d. NVGRE
b
Which of the following is not a template type? a. Shared secrets b. Certificates c. RADIUS clients d. Remote RADIUS servers
b
Which of the following specific views under the IPAM console's navigation IP Address Space pane link allows you to display the IP address range group that's organized by device type? a. IP Address Range Groups b. IP Address Inventory c. Unmapped Address Space d. IP Address Blocks
b
Which of the following technologies was designed to avert delays in delivery of data in iSCSI applications and create a "lossless" environment? a. Link Aggregation Control Protocol b. Data center bridging c. Quality of Service d. DCB Exchange
b
Which role service should you install if you want client computers to be able to authenticate an IPsec connection with Kerberos proxy? a. Remote dial-in b. DirectAccess and VPN c. Routing d. Web Application Proxy
b
Which service is used with routing to translate private IP addresses to public IP addresses to facilitate hosts accessing the internet on a private network? a. VPN b. NAT c. IIS d. RAS
b
You are a senior system administrator and have decided to delegate specific IPAM administration tasks to some of your junior system administrators. What IPAM group should you use to allow members to view IP address tracking data? a. IPAM Users b. IPAM IP Audit Administrators c. IPAM ASM Administrators d. IPAM MSM Administrators
b
You have been assigned the task of managing a group of Windows 2016 Servers that are currently utilizing NIC teaming. You would like to view a list of the NIC teams that currently exist on a specific server. What PowerShell cmdlet should you use? a. Get-LbfoTeam b. Get-NetLbfoTeam c. Show-NetLbfoTeam d. Set-LbfoTeam
b
You have defined a scope on your DHCP server with the start address 172.16.1.1, end address 172.16.1.200, and prefix length 16. You want to create another scope on the server. Which of the following is a valid scope you can create on this server? a. Start address 172.19.1.1, end address 172.19.1.255, prefix length 24 b. Start address 172.17.1.1, end address 172.17.1.200, prefix length 16 c. Start address 172.16.2.1, end address 172.19.2.100, prefix length 16 d. Start address 172.31.0.1, end address 172.31.1.254, prefix length 8
b
You notice that some information shown in the DHCP console for DHCP leases doesn't agree with lease information you see on some client computers where you used ipconfig /all. What should you do to make DHCP information consistent? a. Back up and restore the database. b. Reconcile the scopes. c. Create a deny filter for the leases that look wrong. d. Delete the dhcp.mdb file and click Refresh
b
You want to deploy IPAM in your network. You have four servers running and need to decide on which server you should install the IPAM Server feature. Which of the following server configurations is the best solution? a. Windows Server 2016 standalone server running DHCP b. Windows Server 2016 member server running Web Server c. Windows Server 2016 domain controller d. Windows Server 2016 member server running DHCP
b
You want to migrate IPAM from a server using Microsoft SQL to a new server on which you have just installed IPAM. Which of the following PowerShell cmdlets should you use to migrate the SQL database to the new IPAM server? a. Migrate-IpamDatabase b. Move-IpamDatabase c. Copy-IpamSQLDatabase d. Move-IpamSQLDatabase
b
You're reviewing DHCP server statistics and notice that the server has received many DHCPDECLINE messages. What should you configure on the server to reduce the number of DHCPDECLINE messages? a. DHCP policies b. Conflict detection c. Connection bindings d. DNS credentia
b
You're scanning the local cache on a DNS client, and you come across the notation ::1. What does it mean? a. The cache is corrupt. b. It's the IPv6 localhost address. c. It's the link-local address. d. It's a reverse lookup record.
b
Remote access is denied to users by default. Which of the following must you do to allow users to connect via remote access? (Choose all that apply.) a. Configure settings in the Routing and Remote Access console b. Configure dial-in settings in user accounts c. Configure a network policy in the Network Policy Server console d. Set up a VPN
b, c
Which of the following advantages would a virtual adapter gain by enabling single-root I/O virtualization when you create a virtual switch? (Choose all that apply.) a. A second virtual adapter would be created. b. It would have lower overhead. c. The virtual adapter would bypass the virtual switch software. d. The virtual adapter would not bypass the virtual switch software.
b, c
Which of the following scenarios would benefit from selecting a distributed cache mode over a hosted cache mode? (Choose all that apply.) a. Small branch office with two dedicated servers b. Small branch office with no dedicated server c. Additional resources and personnel are not available d. Unlimited resources and multiple servers are available
b, c
Which two types of packets does Secure Sockets Tunneling Protocol (SSTP) send using a Secure Sockets Layer (SSL) channel? [Choose two that apply.] a. SSTP b. PPTP c. L2TP d. HTTPS e. HTTP
b, c
A system administrator who utilizes IPAM may decide to use IPAM to manage their DHCP servers. Which of the following DHCP options can be configured within IPAM? (Choose all that apply.) a. Configure group policy DHCP preferences. b. Create and configure DHCP scopes. c. Configuring DHCP policies. d. Set user and vendor class values.
b, c, d
IPAM can provide a system administrator to manage a large enterprise environment with the ability to perform extensive auditing of its DHCP and DNS servers. What specific configurations must be in place before you can fully perform all the available auditing events IPAM offers? (Choose all that apply.) a. Account Event policies must be disabled on all domain controllers and NPS servers. b. IPAMUG group must be a member of the Event Log Readers local group on all managed servers. c. Audit User Logon Events must be enabled on all member servers. d. Account Logon Events policy must be enabled on domain controllers and NPS servers.
b, d
Which of the following need to be configured on the firewall to allow PPTP VPN connections? (Choose all that apply.) a. UDP port 4500 b. TCP port 1723 c. IP protocol ID 50 d. IP protocol ID 47
b, d
You have noticed that your DHCP service is not starting. You must immediately troubleshoot your DHCP server and determine the cause of the problem as quickly as possible. Which of the following DHCP troubleshooting steps should you perform? (Choose all that apply.) a. Reconcile all scopes. b. Verify the scope is not corrupted. c. Power cycle the DHCP Server immediately. d. Verify that the DHCP server is authorized. b. Verify the scope is not corrupted. d. Verify that the DHCP server is authorized.
b, d
After you install the DHCP Server role on a member server, what must you do before the server can begin providing DHCP services? a. Configure options. b. Activate the server. c. Authorize the server. d. Create a filter.
c
If a client is on the same site as a particular target, what will it do? a. Follow the referral ordering method b. Ignore the targets on the same site c. Always go to that target d. Go to a target randomly
c
Some of your non-Windows clients aren't registering their hostnames with the DNS server. You don't require secure updates on the DNS server. What option should you configure on the DHCP server so that non-Windows clients names are registered? a. Update DNS records dynamically only if requested by the DHCP clients. b. Always dynamically update DNS records. c. Update DNS records dynamically for DHCP clients that don't request updates. d. Configure name protection.
c
The Network Access Permission attribute for a user account is set to which of the following by default? a. Control access through Group Policy b. Deny access c. Control access through NPS Network Policy d. Allow access
c
To enable VMMQ on a VM, which of the following PowerShell cmdlets would you run on the host computer? a. Get-VMNetworkAdapter VMName -VmmqEnable $true b. Set-VMNetworkAdapter VMName -VmmqEnable $false c. Set-VMNetworkAdapter VMName -VmmqEnable $true d. Ad-VMNetworkAdapter VMName -VmmqEnable $true
c
What requirement must be met on your host's network adapter if you are planning to implement SMB Direct to reduce server processor utilization for data transfers? a. QoS must be enabled b. VMQ compatible c. RDMA compatible d. SR-IOV enabled
c
What should you configure in Routing and Remote Access if you want computers using a private IP address to access the public Internet? a. Web Application Proxy b. Dynamic routing c. NAT d. Demand-dial interface
c
What should you create if you need to service multiple IPv4 subnets on a single physical network? a. Split scope b. Relay agent c. Superscope d. Multicast server
c
What technology in Windows Server 2016 allows several network interfaces to work together in a coordinated effort to provide load balancing and fault tolerance? a. Load balancing b. Failover c. NIC teaming d. QoS
c
What's the default lease duration on a Windows DHCP server? a. 8 hours b. 16 minutes c. 8 days d. 16 hours
c
What's the model used when there's an update conflict? a. Last writer wins; losing file is deleted. b. First writer wins; losing file is deleted. c. Last writer wins; losing file is cached. d. First writer wins; losing file is cached.
c
When a RADIUS server receives a RADIUS Access-Request message from a RADIUS client, which of the following are checked against the connection request policy's conditions? a. RADIUS server's attributes b. Group policies c. Client's attributes d. Client's permissions
c
When all NPS policies on an NPS server are exported, what else is exported? a. Physical device names b. A list of client access devices c. Shared secrets d. The RADIUS accounting log
c
When configuring a GPO for BrachCache, which value should you set in in the "Type the maximum round-trip network latency (milliseconds) after which caching begins" setting so that BranchCache is always used? a. 1 b. 2 c. 0 d. 4 e. 3
c
When you create a VPN connection on a client computer, what is the default tunnel type? a. L2TP/IPsec b. SSTP c. Automatic d. PPTP
c
Which BranchCache mode of operation spreads cached data among client computers in the branch office? a. hosted cache b. redundant cache mode c. distributed cache mode d. client cache mode
c
Which IPAM component allows you to manage the IPAM server remotely, even from a computer running a Windows client OS with remote server administration tools? a. IPAM Server b. IPAM Manager c. IPAM Client d. IPAM Managed Server
c
Which IPAM topology uses a single IPAM server deployed for the entire enterprise? a. Star b. Hybrid c. Centralized d. Distributed
c
Which of the following PowerShell cmdlets allows you to install BranchCache on a file server? a. Install-Windows FS-BranchCache b. Add-WindowsFeature -BranchCache c. Install-WindowsFeature FS-BranchCache d. Install-WindowsFeature -BranchCache
c
Which of the following is the benefit of Distributed File System (DFS)? a. Data Integrity b. Load Balancing c. Data Redundancy d. Data Confidentiality
c
Which of the following is true about the two types of namespaces? a. Domain-based namespaces includes the current server name for faster name resolution. b. Stand-alone namespaces can't be replicated. c. Domain-based namespaces remain regardless of the server status where the share resides. d. Stand-alone namespaces always use more bandwidth.
c
Which of the following should you configure if you want DirectAccess clients to access the Internet through the company network? a. Intranet tunnel b. NLS c. Force tunneling d. Split tunneling
c
Which remote access feature provides a convenient and manageable secure remote connection using features available in IPv6? a. Network Address Translation b. Web Application Proxy c. DirectAccess d. VPN
c
Why might you need to create predefined options with code 060? a. To support WSUS clients b. To support Linux clients c. To support WDS clients d. To support mobile clients
c
Within the context of software-defined networking (SDN), what is the component that allows the device to be configured through a user interface by a network administrator? a. The data plane b. The control plane c. The management plane d. The administration plane
c
You are configuring connection request policies to be defined on clients and RADIUS servers. Which policy type would affect all clients attempting to connect? a. connection property b. RADIUS client c. network d. NAS type
c
You have a network of 150 computers and notice that a computer you don't recognize has been leasing an IP address. You want to make sure this computer can't lease an address from your server. What's the best solution that takes the least administrative effort? a. Create an allow filter. b. Create a new policy. c. Create a deny filter. d. Create a Vendor Class.
c
You have just set a server's manageability status to Managed. However, you have observed that the IPAM access status remains in the Blocked state. Which of the following commands can be run on the server to avoid waiting for the server to refresh its computer policies? a. gpupdate /forceupdate b. netsh /add c. gpupdate /force d. gpupdate /apply
c
You have made a change in the Group Policy. Which command will help you immediately apply the Group Policy without restarting the user systems? a. gpupdate /quick b. gpupdate /now c. gpupdate /force d. gpupdate /run
c
You want mobile devices on your network to have a shorter lease time than other devices without having a different scope. You don't have detailed information about the mobile devices, such as MAC addresses because they are employees' personal devices. What DHCP feature might you use to assign a shorter lease to these mobile devices? a. Reservation options b. Scope options c. Policy options d. Filter options
c
When configuring a VPN server, which of the following configuration must be added to the second network adapter? [Choose all that apply.] a. Subnet Mask b. DHCP server c. Static IP address d. DNS server e. Gateway
c, d
Which of the following two types of servers does Internet Protocol Address Management (IPAM) integrate to streamline the IP address management? [Choose two that apply] a. NAT b. SMTP c. DHCP d. HTTP e. DNS
c, e
Authentication methods can be overridden by using which of the following? a. Override policy b. Templates c. Network Policy node d. Connection Request Policies
d
DFS replication configuration requires a minimum of how many targets? a. One b. Four c. Three d. Two
d
If the IPAM Access Status displays "Blocked" after two attempts to refresh in the server, what should you do? a. Update the Group Policy b. Refresh the Server Manager snap-in c. Create an exception in the firewall policy d. Restart the server
d
On a Hyper-V host, how many virtual network switches can you create that are connected to an External network? a. 3 b. Multiple c. 4 d. 1 e. 2
d
What type of IPv6 address configuration uses DHCPv6? a. Unicast allocation b. Stateless autoconfiguration c. Dynamic allocation d. Stateful autoconfiguration
d
What's the algorithm used to replicate only changes made in files? a. Remote change comparison b. Remote change compression c. Remote replication connection d. Remote differential compression
d
When you provision an IPAM server, several IPAM scheduled tasks are created by default. Which of the following default tasks allows you to collect DHCP and IPAM operational events? a. AddressUtilization b. ServerDiscovery c. ServiceMonitoring d. Audit
d
Where does a referral originate when a client accesses a DFS namespace? a. From the namespace server b. From a cached copy of referrals on the server where the share is located c. From the domain controller d. From the namespace server for a stand-alone type and from the domain controller for a domain-based type
d
Which DirectAccess component allows clients to determine whether they're on the company network or a remote network? a. Kerberos proxy b. ISATAP c. PKI d. NLS
d
Which SDN plane would dictate how a switch operates and discovers the network it operates within? a. Hardware b. Data c. Management d. Control
d
Which category in the IPAM navigation pane displays information about IPAM and DHCP configuration and operational events? a. Overview b. IP Address Space c. Monitor and Manage d. Event Catalog
d
Which feature prevents the proliferation of DHCP servers that offer IP addresses to computers in the network? a. DHCP Block b. DHCP Prevent c. Single-Root I/O Virtualization d. DHCP Guard
d
Which implementation mode of BrachCache has no designated server to store the data, and each client at a remote site has its own local cache for data it downloads? a. Cache Mode b. Branch Mode c. Hosted Mode d. Distributed Cache Mode
d
Which is the best method of synchronization to reduce bandwidth with a DFS replication group made up of a main office and eight branch offices? a. Full mesh topology b. Random synchronization c. Round robin topology d. Hub and spoke topology
d
Which of the following NPS template types can specify a reusable password for validating a connection between RADIUS servers and proxies and NAS servers? a. System health agent b. NPS agent c. System health validator d. Shared Secrets
d
Which of the following features or services should you install on Windows Server 2016 if you want to improve file-sharing performance in a remote office connected to the main office by a WAN link? a. Tiered cache mode b. Hosted cache mode c. Single cache mode d. Distributed cache mode
d
Which of the following is a DHCP high-availability option that includes hot standby mode? a. DHCP Load balancing b. Superscopes c. DHCP split scope d. DHCP failover
d
Which of the following load balancing modes is the default load balancing mode on physical machines, allows traffic to be distributed evenly among all team members, and can include virtual NICs? a. Hyper-V Port b. LACP c. Address Hash d. Dynamic
d
Which remote access configuration option should you choose if you want mobile users to be able to make a secure connection to the main network and allow computers on the private network to access the Internet with a public IP address? a. Remote access (dial-up or VPN) b. Secure connection between two private networks c. NAT d. VPN access and NAT
d
Which remote access role service allows publishing web-based applications for use by clients outside the network? a. Direct Access and VPN b. Routing c. IIS d. Web Application Proxy
d
Which replication topology has all members synchronize with each other? a. net b. star c. hub and spoke d. full mesh
d
Which specific mode should you configure if you want to support multiple subnets? a. Branch cache mode b. Tiered cache mode c. Distributed cache mode d. Hosted cache mode
d
You have DHCP clients on the network that aren't domain members. You want to be sure these computers can register their hostnames with your DNS servers. Which option should you configure? a. 003 Router b. 044 WINS/NBNS Servers c. 006 DNS Servers d. 015 DNS Domain name
d
You have a DNS server running Windows Server 2016. You would like to configure the DNS server to respond to requests based on the source of the query and include the capability to filter malicious queries. Which feature should you enable? a. DNS Policy and Security b. DNS Security c. DNS Zone Policy d. DNS Policy
d
You have been assigned the task of migrating the DHCP server role to another server. Which of the following PowerShell cmdlets will allow you to transfer the DHCP server configuration and database? a. Import-Dhcp -File C:\Dhcp.xml -Leases b. netsh dhcp server export Dhcp.txt all c. netsh dhcp server import C:\Dhcp.txt all d. Export-DhcpServer -File Dhcp.xml -Leases
d
You have just installed a Microsoft SQL server and want to use it to store IPAM data, which is currently using the WID. What should you do? a. Uninstall IPAM and reinstall it, making sure to choose Microsoft SQL Server during server provisioning. b. Copy the files from C:\Windows\System32\ipam\database folder to the SQL server and import the files. c. In the IPAM Overview window, run the Change Database Storage Method Wizard. d. Run the Move-IpamDatabase PowerShell cmdlet from the IPAM server.
d
You have just provisioned an IPAM server and are ready to configure server discovery. During this process while working in the Configure Server Discovery dialog box, you have clicked Get forests to view the list of forests and domains. However, after clicking Get forests, no forests or domains are listed. What must you do to see the list of forests and domains? a. Repeat the process of provisioning the IPAM server. b. Close the Configure Server Discovery dialog box and refresh Server Manager. c. Restart the IPAM server. d. Close and reopen the Configure Server e. Discovery dialog box.
d
You have recently installed IPAM on a server running Windows Server 2016. Your network has four DHCP servers, six DNS servers, and three DCs. All the DHCP and DNS servers are domain members. When you look at the Server Inventory window, you don't see any of the DHCP servers, but you do see the DNS servers and DCs. What should you do to solve this problem? a. Reinstall IPAM on a server that isn't a DC. b. Demote the IPAM server. c. Configure the DHCP servers as workgroup servers. d. On the IPAM server, uninstall DHCP.
d
You want high availability for DHCP services, a primary server to handle most DHCP requests, and a secondary server to respond to client requests only if the primary server fails to in about a second. The primary server has about 85% of the IP addresses to lease, leaving the secondary server with about 15%. You don't want the servers to replicate with each other. What should you configure? a. Multicast scope b. Failover c. Superscope d. Split scope
d
Your company has a main office with four branch offices; each has about 30 computers and a single server running file and print services, DNS, and DHCP. There are no IT personnel at branch offices. You want to set up IPAM in your network. Which IPAM topology makes the most sense? a. Unified b. Hybrid c. Distributed d. Centralized
d
Using the Routing and Remote Access snap-in, which of the following can be configured? a. LAN Routing b. Firewall c. NAT d. VPN Gateway e. All of the mentioned choices f. Dial-up Remote Access Server
e
What is the default port used by the Secure Sockets Tunneling Protocol (SSTP) protocol for incoming connections? a. 53 b. 80 c. 8080 d. 8181 e. 443
e
Which of the condition attributes can be checked with connection request policies in a RADIUS Access-Request message? a. User name b. Connection properties c. RADIUS client properties d. Gateway properties e. All options
e
(T/F) RSS and vRSS distribute the load among multiple cores or multiple physical processors which include hyperthreading.
f
(T/F) Traditional NIC teaming is compatible with RDMA and software defined networking (SDN) version 2, available in Windows Server 2016.
f
(T/F) Using Hyper-V Network Virtualization (HNV), different businesses can use the same VM IP addressing scheme even if the VMs are running on the same host server.
t
In the DHCP server's statistics, you notice that a lot of DHCPNAK packets have been transmitted. What's the most likely reason? a. You changed the range of addresses in a scope recently. b. The DHCP server has been taken offline. c. The server is offering a lot of addresses that are already in use. d. Client computers are getting multiple offers when they request an address.
a
What is the output of the following command: "netsh interface ipv4 add dns Ethernet 192.168.0.4 index=2" a. Installs a new dns server with the IP address 192.168.0.4 b. Sets the network connection called Ethernet to use 192.168.0.4 as the DNS server c. Creates a new Ethernet connection named dns with IP address 192.168.0.4 d. Installs an alternate dns server with the IP address 192.168.0.4
a
What is the term for a DNS record that is no longer valid because the resource is offline or its name or address has changed? a. stale b. expired c. lapsed d. anachronous
a
What specific type of DNS query instructs a DNS server to process the query until the server replies with an address that satisfies the query or with an "I don't know" message? a. Recursive b. Referral c. Iterative d. resolver
a
What type of zone should you create that contains records allowing a computer name to be resolved from its IP address? a. RLZ b. FLZ c. Stub d. TLD
a
Which command would you use to release and renew the DHCP address on a machine? a ipconfig b dhcp c arp d netsh
a
You have a DNS server outside your corporate firewall that's a standalone Windows Server 2016 server. It hosts a primary zone for your public Internet domain name, which is different from your internal Active Directory domain names. You want one or more of your internal servers to be able to handle DNS queries for your public domain and to serve as a backup for the primary DNS server outside the firewall. Which configuration should you choose for internal DNS servers? a. A standard secondary zone. b. A standard stub zone. c. A forwarder to point to the primary DNS server. d. An Active Directory-integrated stub zone.
a
You have a primary zone stored in the myzone.local.dns file. Some devices that aren't domain members are creating dynamic DNS records in the zone. You want to make sure only domain members can create dynamic records in the zone. What should you do first? a. Configure the Store the zone in Active Directory option b. Configure the None option for dynamic updates c. Configure the Secure only option for dynamic updates d. Configure permissions in the Security tab of the zone's Properties dialog box
a
You have delegated a subdomain to a zone on another server. Several months later, you hear that DNS clients can't resolve host records in the subdomain. You discover that the IP address scheme was changed recently in the building where the server hosting the subdomain is located. What can you do to make sure DNS clients can resolve hostnames in the subdomain? a. Edit the NS record in the delegated zone on the parent DNS server b. Edit the NS record in the delegated zone on the DNS server hosting the subdomain c. Configure a forwarder pointing to the server hosting the subdomain d. Configure a root hint pointing to the server hosting the subdomain
a
You have several hundred client computers using WINS to resolve names of some enterprise servers. Many of the client computers are laptops used to connect to the network remotely. You're trying to eliminate WINS from your network to reduce the number of protocols and services you must support. With the least administrative effort, what can you do that allows you to stop using WINS yet still allows clients computers to use a single-label name for accessing enterprise servers? a. Create a GlobalNames zone and add CNAME records for enterprise servers. b. Create a Hosts file containing servers' names and addresses and upload this file to each client that needs it. c. Configure each client computer with the correct domain suffix. d. Create a stub zone and add CNAME records for each enterprise server.
a
You're in charge of a standard primary zone for a large network with frequent changes to the DNS database. You want changes to the zone to be transmitted as quickly as possible to all secondary servers. What should you configure and on which server? a. Configure DNS notifications on the primary zone server b. Configure DNS recursion on the secondary zone servers c. Configure round robin on the primary zone server d. Configure a smaller default TTL for the primary zone server
a
Your company just opened a small branch office where 10 computer users will work. You have installed a single Windows Server 2016 computer configured as a member server for basic file and print server needs. Users require DNS to access the Internet and to resolve names of company resources. You decide to install DNS on the existing server. Which of the following types of installations makes the most sense? a. A primary server hosting a standard zone b. An Active Directory-integrated zone hosting the zone in which the server is a member c. A caching-only DNS server d. A server that's a forwarder
a
You're having trouble with logons and other domain operations in your domain named csmtech.local. You want to verify that your domain clients can find domain controllers. Which of the following can you do? (Choose all that apply.) a. Use the dcdiag /test:dns /DnsRecordRegistration command b. Look at the %systemroot%\System32\Config\netlogon.dns file c. Look at the %systemroot%\System32\dns\cache.dns file d. Use the nslookup -type = CNAME -domain=csmtech.local command
a, b
What should you do if you have a single large namespace that caters to multiple branch offices? [Choose all that apply.] a. Split it into multiple smaller namespaces b. Delegate access to the branch administrators on the single namespace c. Delegate each zone to the DNS server to maintain the resource records (RRs) d. Keep it centralized for ease of management
a, c
Which of the following are true about the DHCP protocol? (Choose all that apply.) a. There are eight message types. b. DHCPDISCOVER messages sent by clients traverse routers. c. It uses the UDP Transport-layer protocol. d. An initial address lease involves three packets.
a, c
Domain Name System Security Extension (DNSSEC) provides specific features and protocols for validating server responses. Which of the following methods are used by DNSSEC to ensure that data they receive from DNS queries are accurate and secure? (Choose all that apply.) a. Data integrity b. Authenticated zone signing c. Authenticated denial of existence d. Origin authentication of DNS data
a, c, d
Your organization spans multiple geographical locations. The name resolution is happening with a single DNS zone for the entire organization. Which of the following is likely to happen if you continue with the single DNS zone? [Choose all that apply.] a. Administrative burden b. Higher security c. Granular application of policies d. Centralized management e. Name resolution traffic goes to the single zone
a, d, e
A resource record containing an alias for another record is which of the following record types? a. A b. CNAME c. NS d. PTR
b
After installing the DHCP server on a server, what is the next step you need to take? a. Restart the DHCP server b. Authorize the DHCP server c. Configure the DHCP server d. Configure the DHCP pools
b
After utilizing Performance Monitor to analyze your DNS server, you have decided to optimize your server's performance. After investigating the possible system-settings you can configure, you decide to set the receive buffer to the maximum and enable RSS. Which type of setting will allow you to accomplish this task? a. System configuration b. NIC Settings c. Recursion settings d. Zone settings
b
For you to create a Superscope, what is the minimum number of scopes that should already exist in the DHCP server? a. 8 b. 2 c. 10 d. 1 e. 6 f. 4
b
How many DNS root servers are there in the world? a. 1 b. 13 c. Hundreds d. Thousands
b
If you use GlobalNames, use of which of the following can be avoided? a. DNS b. WINS c. DHCP d. RDP
b
In a DNS database zone, which resource record consists of a computer name and IPv4 address? a. CNAME b. Host (A) c. Alias d. SOA
b
What determines which Active Directory partition the zone is stored in and to which DCs the zone information is replicated? a. zone delegation b. zone replication scope c. zone transfer d. stub zone
b
What is the default IP address lease period for a client on the network? a. 5 days b. 8 days c. 3 days d. 10 days
b
What is the term for transferring authority for a subdomain to a new zone? a. zone transfer b. zone delegation c. zone authorization d. zone designation
b
What term describes the problem that occurs when a non-Windows computer registers a name with the DNS that is already used by a Windows computer on the network? a. Name collision b. Name squatting c. Name stealing d. Name redundancy
b
What will happen if you manually edit the DNS zone file and then reload it in the DNS Manager? a. It will reload as a new zone. b. It will apply the changes in the DNS Manager. c. It will corrupt the existing zone records. d. It will fail to reload.
b
Which is the physical layer address that's an integral part of a network interface card? a IP address b MAC address c DHCP address d Source address
b
Which of the following command is likely to provide the list of Host(A) records? a. ls -t aa practicelabs.com b. ls -t a practicelabs.com c. ls -t srv practicelabs.com d. ls -t mx practicelabs.com
b
Which of the following files contains the root DNS mapping? a. CacheDNS.xml b. Cache.dns c. Cache.txt d. Cache.xml
b
Which of the following is not an advantage of using Active Directory-integrated zones? a. Provides automatic zone replication b. Can be stored on member servers c. Is able to configure secure updates d. Gives multimaster updates
b
Which of the following types of attack can be prevented by using Response Rate Limiting (RRL)? a. TCP SYN Flood b. DNS Amplification c. DNS Tunneling d. DNS Hijacking e. Cache Poisoning
b
Which IP network address expressed in CIDR notation can support a maximum of 1022 hosts? a) 172.29.128.0/18 b) 192.168.100.64/26 c) 172.16.4.0/22 d) 10.100.44.0/24
c
You have a DNS server that has multiple network interface cards, one is an internal interface and the second is an external interface that faces the Internet. You would like to enable recursion for your internal DNS clients and disable it for any Internet clients. Which Windows Server 2016 DNS feature will allow you to specify which DNS queries will use recursion and which DNS queries will not? a. DNS recursion zones b. DNS recursion scope c. DNS recursion rules d. Recursion permissions
b
You have an Active Directory-integrated zone named csmtech.local on the DNS1 server. The forest root Active Directory domain is csmtech.local. Why is the _msdcs subdomain zone delegated on the DNS1 server? a. To allow Windows clients to access Microsoft services b. To change the replication scope of _msdcs c. To offload the DNS processing required of DNS1 d. To allow dynamic updates to the _msdcs zone
b
You have decided to install the DNS server role on Nano Server. What specific type of zone configuration is not supported when using the DNS on Nano Server? a. Standard directory-based b. Active Directory-integrated c. Replication-integrated d. Standard file-based
b
You have noticed that one of your DNS servers has possibly been compromised. You believe that a cached DNS entry for your domain is being targeted by an attacker. What new feature in Windows Server 2016 could you use on your DNS server to help prevent a man-in-the-middle attack in which your cached DNS entry for your domain is altered by an attacker? a. DNS Cache Locking b. DNS-based Authentication of Named Entities c. DNS-Expiration d. Authenticated-DNS
b
You want to verify whether a PTR record exists for the server1.csmtech.local host, but you don't know the server's IP address. Which of the following commands should you use to see whether a PTR record exists for server1.csmtech.local? a. ping -a server1.csmtech.local, and then ping IPAddress returned from the first ping b. nslookup server1.csmtech.local, and then nslookup IPAddress returned from the first nslookup c. dnscmd /PTR server1.csmtech.local d. dnslint /PTR server1.csmtech.local
b
You want a DNS server to handle queries for a domain with a standard primary zone hosted on another DNS server, and you don't want the server to be authoritative for that zone. How should you configure the server? (Choose all that apply.) a. As a secondary zone on the DNS server b. As a stub zone on the DNS server c. As a forwarder on the DNS server d. Configure zone hints for the primary zone
b, c
Which of the following is true about stub zones? (Choose all that apply.) a. They're authoritative for the zone. b. Their records are updated by the primary server automatically. c. They can't be Active Directory integrated. d. They contain SOA and NS records
b, d
The DNS server at your headquarters holds a standard primary zone for the abc.com domain. A branch office connected by a slow WAN link holds a secondary zone for abc.com. Updates to the zone aren't frequent. How can you decrease the amount of WAN traffic caused by the secondary zone checking for zone updates? a. In the SOA tab of the zone's Properties dialog box, increase the minimum (default) TTL. b. In the Advanced tab of the DNS server's Properties dialog box, increase the expire interval. c. In the SOA tab of the zone's Properties dialog box, increase the refresh interval. d. In the Zone Transfers tab of the SOA Properties dialog box, decrease the retry interval.
c
Using subnet masks that can be configured regardless of the IP address class is known as Classless Interdomain ______, or CIDR a Re-broadcast b Resolution c Routing d Repeater
c
What is a device that can listen for broadcast DHCP messages and forward them to a DHCP server on another subnet? a. DHCP repeater b. DHCP router c. DHCP relay agent d. DHCP switch
c
What is the name of a DNS server that maintains the addresses of other DNS servers within a top-level domain? a. Root server b. Authoritative server c. Top-level domain server d. Fully qualified name server
c
What is the output of the following command? Get-DnsServerTrustAnchor -name secure.practicelabs.com -computername PLABDC01 a. Creates a new trust point on the PLABDC01 b. Refreshes the trust point on all DNS servers c. Updates the trust points created earlier on the PLABDC01 d. Creates a new trust point on all DNS servers from PLABDC01
c
What message type does a server send if it cannot fulfill a request for renewal? a. DHCPDECLINE b. DHCPACK c. DHCPNAK d. DHCPRELEASE
c
What type of record does DNS create automatically to resolve the FQDN of an NS record? a. PTR b. CNAME c. Glue A d. Auto SRV
c
When a DNS server responds to a query with a list of name servers, what is the response called? a. Iterative b. Recursive c. Referral d. Resolver
c
Which DHCP options allow the assigning of IP address options based on client properties such as device type, MAC address and OS? a. Server options b. Scope options c. Policy options d. Client options
c
You manage the DNS structure on your network. The network security group has decided that only one DNS server should contact the Internet. Under no circumstances should other servers contact the Internet for DNS queries, even if the designated server is down. You have decided that the DNS server named DNS-Int should be the server allowed to contact the Internet. How should you configure your DNS structure to accommodate these requirements? a. On each DNS server except DNS-Int, configure a forwarder pointing to DNS-Int. Configure DNS-Int as a forwarder by enabling forwarded requests in the Forwarders tab of the server's Properties dialog box. b. On each DNS server except DNS-Int, configure a root hint to point to DNS-Int and delete all other root hints. Configure a root zone on DNS-Int. c. On each DNS server except DNS-Int, configure a forwarder pointing to DNS-Int. Disable the use of root hints if no forwarders are available. No changes are necessary on DNS-Int. d. On each DNS server except DNS-Int, in the Advanced tab of the server's Properties dialog box, disable recursion. No changes are necessary for DNS-Int.
c
You want to give a junior administrator access to DNS servers so that he can configure zones and resource records, but you don't want to give him broader administrative rights in the domain. What should you do? a. Delegate control for the OU where the DNS computer accounts are. b. Add his account to the Administrators group on all DNS servers. c. Make his account a member of DnsAdmins. d. Add his account to the Administer DNS Servers policy.
c
You're in charge of a small group of DNS servers running Windows Server 2016. After careful review of your current security policies, you have decided you need to protect your servers from DNS amplification attacks. What specific feature can be used in Windows Server 2016 to provide you the resources to complete this task? a. DNS Rate Limiting b. DDoS mitigation c. Response Rate Limiting d. DNS Cache Locking
c
You have two DCs, each with three Active Directory-integrated zones. You're getting inconsistent DNS lookup results and suspect there is a problem with Active Directory replication. What tool can you use to investigate the problem? (Choose all that apply.) a. nslookup b. dnscmd c. dcdiag d. ipconfig
c, d
What would be the mandatory information that you will require when creating a reservation for a client? [all that apply] a. Domain name b. Domain controller name c. MAC address d. Reservation name e. IP address
c, d, e
After distributing the Trust Anchors (TAs) to a secondary domain controller, if you find the Trust Anchors folder to be empty in DNS Manager of the secondary domain controller, what should you do? a. Restart the secondary domain controller b. Close the DNS Manager and re-open it c. Create an exception in the firewall policy for DNS traffic d. Restart the DNS server from the DNS Manager e. Paste the TAs in this folder
d
At which step of the DHCP assignment process does the server send default gateway and DNS server addresses? a. DHCPDISCOVER b. DHCPOFFER c. DHCPREQUEST d. DHCPACK
d
If your domain name is practicelabs.com, then what would be the zone file name? a. Dns.practicelabs.com b. practicelabs.dns c. practicelabs.com d. practicelabs.com.dns
d
(T/F) A reservation address can be within an exclusion range?
t