ITNW - Chapter 04 & 05

Ace your homework & exams now with Quizwiz!

You are the network administrator ro Corpnet.xyz. All of the servers run Windows Server 2016. You have deployed a server named IPAM1 that has the IPAM feature installed on it. A user named User1 works at the company help desk. You need to enable User1 to view all the information in Server Discovery, IP Address Space, and Server Management as well as IPAM and DHCP server operational events. User1 should not be able to view IP address tracking information. What should you do?

Add User1 to the IPAM Users group.

You are the network administrator for CorpNet.com. All of the servers run Windows Server 2016. You have two servers that have the IPAM feature installed on them. The servers are named IPAM1 and IPAM2. You need to remotely manage the IPAM feature on IPAM2 from IPAM1. What should you do? (Select two. Each answer is part of the complete solution.)

Add your user account to the winRMRemoteWMIUsers_group on IPAM2. On IPAM1, add IPAM2 to Server Manager.

Match each IPAM configuration step on the left with its associated description on the right.

Allow a user to manage an IPAM server: Add the user account to the IPAm Administrators local group on the IPAM server. Allow a user to access an IPAM server from a remote IPAM client: WinRMRemoteWMIUsers_group Manage an IPAM server from a remote system: Add the IPAM server to the pool of servers managed by Server Manager.

Match the view in the IP Address Space node of the IPAM console with the tasks that can be performed in that view on the right. Each view may be used more than once.

Blocks Addresses Addresses Ranges Addresses Ranges Ranges

You are the network administrator for a small company using Windows Server 2016 and Windows 10 clients. A few of the company's employees want to work from home occasionally. You have decided to provide access using a VPN. What should you do?

Configure a remote access VPN.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. westsim.com has a number of product specialists who travel to remote areas. The product specialists complain that their internet connections frequently fail, forcing them to reconnect to the company's VPN server. The server and the clients use the L2TP with IPSec VPN protocol. You need to improve VPN performance by allowing the clients to automatically reconnect to the company VPn is the client's internet connection should fail.

Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol.

What must you do to manage DHCP and DNS servers across multiple forests?

Create a two-day trust.

Rachel is a system administrator. She decides to use IPAM to manage her DHCP servers. Which of the following DHCP features can be configured within IPAM? (Select all that apply.)

Create and configure DHCP scopes. Configuring DHCP Exclusions.

Ethan wants to use IPAM to audit its DHCP and DNS servers. What types of audits can Ethan perform? (Select two.)

DHCP lease events and user logon events Changes to DNS and DHCP servers

You need to define a new IPv4 DHCP scope on the DC1 server in the westsim.com domain. Click the option in the IPAM console that you should use to accomplish this task.

DNS and DHCP Servers

You are a network administrator for your company. All servers are running Windows Server 2016. Most of the workstations are running Windows 10, 64-bit, however a few computers had to be installed as Windows 10 32-bit machines. You want to create a connection profile using the Connection Manager Administration Kit (CMAK) wizard. To create a connection profile that will work on the 32-bit system, what must you do?

Download, install, and run Remote Server Administration Tools for Windows 10 and run it from a 32-bit machine.

You want to allow users to connect to the private network. Users will connect to the internet while on the road, then connect to the private network. All users will use laptops that run Windows 10. You configure a Windows Server 2016 as a router. During a random check one day, you notice that some connections are using PPTP while others are using L2TP. You want to force all connections to use L2TP. What should you do?

In Routing and Remote Access, edit the Ports node. Disable remote access and demand-dial routing connections for PPTP.

To allow users in your company to work from home, you have decided to provide remote access areas. Users will connect to the remote access server over the internet. This will allow them to access all resources on the company network. You install Windows Server 2016 on a new server and configure it for remote access. You configure the network policies to allow connections between 7:00am and 8:00pm. The next day, you get a call from one of the users reporting that she can connect to the remote access server, but can't access any resources on the company network. YOu ask her to ping a server on the private network using its IP address, but the ping fails. However, from the remote access server, you can access all resources on the private network. What should you do?

In Routing and Remote Access, enable LAN routing on the server.

You are the systems administrator for your company's network. You have 600 workstations running Windows 10, three DHCP Servers, and two DNS Servers. You want to centrally manage your DHCP and DNS servers. What should you do?

Install IPAM to manage your DHCP and DNS servers.

When you initially provisioned the IPAM server running on your Windows Server 2016, you configured it to use the Windows Internal Database (WID) server running on the same system. However, because of the size of your organization's network, you have determined that the IPAM server needs to be configured to use a Microsoft SQL database running on a different server. This will divide up the workload between the two servers and provide better overall performance. To accomplish this, you need to move the existing IPAM database from the WID server on the local computer to the MS SQL database server. Which PowerShell cmdlets should you use to accomplish this task? (Select two. Each answer is a part of the complete solution.)

Move-IpamDatabase Set-IpamDatabase

VPN tunneling protocols encrypt packet contents and wraps them in an unencrypted packet. Which of the following networking devices or services prevents (in most cases) the use of IPsec as a VPN tunneling protocol?

NAT

You have been put in charge of providing a VPN solution for all members of the sales team. Laptops used by sales team members run Windows 10. All remote access servers run Windows Server 2016. You decide to implement SSTP for the VPN solution. Your company security policy mandates that only necessary firewall ports be opened. What should you do?

Open port 442 in the firewall.

You are configuring routing on a Windows Server 2016 system. The server has two network interfaces installed. Each one is connected to a different network segment. You have installed and enabled the Routing and Remote Access role on the server. Rather than manually configure static routes on the server, you want to configure it to communicate with other routers already in the network to dynamically build its routing table? Click on the routing protocol you would use to do this.

RIP Version 2 for Internet Protocol

You are the network administrator for corpnet.com. All of the servers run Windows Server 2016. You have installed the IPAM Feature on a server named IPAM1. You configure the server using the Group Policy provisioning method. After gpupdate /force fails, you discover that there are no Group Policy objects related to IPAM in Active Directory. You need to create the relevant GPOs to successfully deploy IPAM in the environment. What should you do?

Run the Invoke-IPAMGPOProvisioning cmdlet.

You have been put in charge of providing a VPN solution for all members of the sales team. Sales team members have been issued new laptop computers running Windows 10. All remote access servers run Windows Server 2016. The salesmen have been complaining that with the previous VPN solution, there were many times that they were unable to establish the VPN solution because the hotel or airport firewalls blocked the necessary VPN ports. You need to come up with a solution that will work in most instances.

Secure Socket Tunneling Protocol (SSTP)

You are the network administrator for a growing company based in Texas. Due to rapid growth, your company has acquired two additional companies, one in Idaho and one in Minnesota. All servers in these three sites are running Windows Server 2016. All clients in these three sites are running Windows 10. The company president has asked you to provide a private persistent connection between all sites making the computer resources from each location available to employees at the other locations. You have decided to provide the required connections using VPN. Which type of VPN would best meet the specified requirements?

Site-to-site

You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. What method of NAT translation should you implement for these five servers?

Static

You are a network administrator for a small company. All servers are running Windows Server 2016. All clients are running Windows 10. Your company has just opened a branch office in a different part of the country. To provide access to network resources between sites, you have determined that a Windows Server 2016 site-to-site VPN using a Remote Access Services (RAS) gateway would work best for your needs. Before creating a site-to-site VPN, what must you install first? (Select two.)

The Remote Access role The DirectAccess and VPN (RAS) role service

Which of the following are good reasons to enable NAT?

To translate between internet IP addresses and the IP addresses on your private network.

Match the type of VPN with its description.

Two hosts establish a secure channel and communicate directly: Host-to-host Routers on the edge of each site establish a VPN with the router at the other location: Site-to-site Allow individual users to establish secure connections with a remote computer network: Remote access

You are the network administrator for Corpnet.xyz. All of the servers run Windows Server 2016. You have installed the IPAM Feature on a server named IPAM1. You configured the server using the manual provisioning method. After you configured the server, management released a new policy that requires all IPAM servers to be provisioned using Group Policy. You need to change the provisioning method of the IPAM1 server. What should you do?

Uninstall and then reinstall the IPAM feature on IPAM1.

You want your mobile devices to have a shorter lease duration than your desktop computers. You are using IPAM to manage your DHCP servers. How can you accomplish this task?

Use IPAM to create a DHCP policy.

You are the network administrator for your company. Your network consists of a single Active Directory domain with all the servers running Windows Server 2016 and all client computers are running Windows 10. Your company has one main office and several branch offices. There are 200 product specialists on staff who work remotely and connect to the corporate network using a VPn connection a Routing and Remote Access (RRAS) server located at the main office. The VPN connection uses the L2TP protocol with IPSec for security. A routine audit of help desk tickets reveals that almost 5% of the tickets logged with the help desk relate to incorrect VPN settings on the laptops being used by the product specialists. You need to streamline the creation of VPN connections to reduce the number of configuration errors on the clients. What should you do?

You should use the Connection Manager Administration Kit (CMAK) to create a service profile that will connect the Product Specialists to the company VPN.

You are the network administrator for corpnet.com. You have three DHCP servers named DHCP1, DHCP2 and DHCP3. Each DHCP server provides services to a different office and is configured with a scope corresponding to the network ID of the office. The main office is assigned addresses from the 192.168.1.0/24 network. The two branch offices are assigned addresses from the 192.168.2.0/24 and 192.168.3.0/24 networks. You have a server named IPAM1 that is used to manage the address space for all three offices. All three scopes appear as IP address ranges on the IPAM server. You need to determine the overall utilization of IP addresses across all three offices. What should you do?

Add an IP address block for the 192.168.0.0/16 network.

You are the network administrator for your company. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. Your company has a number of product specialists who travel to remote areas. The product specialists complain that their internet connections frequently fail, forcing them to reconnect to the company VPN server. The server and the clients use the L2TP with IPSec VPN protocol. You need to improve VPN performance by allowing the clients to automatically reconnect to the company VPN if the clients' internet connection should fail. What should you do?

Configure the VPN connection to use the Internet Key Exchange version 2 (IKEv2) VPN protocol.

You are the network administrator for your company. Your company has 325 Windows 10 clients. Each of these needs access to the internet. External hosts should not be able to connect to these clients or to any other servers in your network. Your company has already purchased a public IP address and does not want to purchase any additional public IP addresses. You have decided that implementing NAT on your Windows 2016 server is the best solution. Which of the following types of NAT implementation would work best for this situation?

Dynamic NAT

Your company has established a branch office in a nearby town, which also has a small network. The remote office has two servers running Windows Server 2016. You've been instructed to interconnect the two offices. You install the Routing and Remote Access service on one of the Windows Server 2016 computers in your local office and on one of the Windows Server 2016 computers in the remote office. You can successfully ping between the two devices. However, you can connect to resources on the other side of the remote access server. What should you do? (Select two. Each answer is required for a working solution.)

Enable LAN routing on both access servers Configure a static route on each remote access server to the other network.

You need to view a list of all IP addresses sorted by device type that have been assigned by DHCP servers in the westsim.com domain. Click the option in the IPAM console that you should use to view this information.

IP Address Inventory

Dana is a senior system administrator. He has decided to delegate specific IPAM administration tasks to one of his junior system administrators. Which IPAM group should you use to allow members to view nearly everything that the other groups can manage, but not allow them to edit content?

IPAM Users

You are the network administrator for corpnet.com. All of your servers run Windows Server 2016. You have a server named IPAM1 that has the IPAM feature installed on it. All of the IP addresses in the address block for the 192.168.0.0/16 network appear to be in use. You suspect that some of the IP addresses are available for use on the network. You need to update the IPAM database to show which IP addresses are available. Which action should you take to accomplish this task?

Right-click the IP Address Ranges and then click Reclaim IP Addresses.

You have a small network at home that is connected to the internet. On this network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access?

Static NAT

You are the network administrator for corpnet.com. All of your servers run Windows Server 2016. You have a server named IPAM1 that has the IPAM feature installed on it. You need to configure IPAM1 to detect the DHCP and DNS servers in the corpnet.com domain. What should you do first?

Use the Configure server discovery link.

You have recently set up a VPN server to allow your traveling salesmen access to the corporate resources while they are out of office. You need to configure a new VPN connection on the 50 laptops used by the sales team members. You need to configure the VPN connection to only use Point-to-Point tunneling (PPTP) with the maximum strength encryption. You want to do this with the least amount of effort as possible. What should you do?

Use the Connection Manager Administration Kit (CMAK) to create a profile. Save the profile to a network share. Have each sales team member run the installation file.


Related study sets

FIN 357 Chapter 13: Return, Risk, and the Security Market Line

View Set

Anatomy & Physiology Exam Study Guide

View Set

Speaking and Listening: Planning a Multimedia Presentation Assignment

View Set

Aquí no hay quien viva 20-22 (569)

View Set

Algebra (FRACTIONAL COEFFICIENTS)

View Set

Quizlet Flashcards Guidelines for area of shapes

View Set