MOAC 70-741 cht 7-9

BGP is enabled by using PowerShell cmdlets?

"add or GET"

Which option should be used with the Route command when creating a static route that will ensure the route is still available if the computer is rebooted?

-p

To make routes persistent, so that they are still available after the server is rebooted, you must also use the ___ switch

-p

Private NAT addresses are?

10.0.0.0 - 10.255.255.255; 172.16.0.0 - 172.31.255.255; 192.168.0.0 - 192.168.255.255

The maximum number of hops allowed for RIP is?

15

Which of the following is the largest number of hops supported by RIP?

15

The hop count of ___ is considered an infinite distance and therefore it is considered unreachable

16

CM supports different features in a profile depending upon the operating system that is running on the client computer. You must create a connection profile on a computer that uses the same architecture ____ as the clients on which you will install the profile

32/64-bits

Which of the following is needed for IPAM to manage DNS and DHCP servers in another forest?

A two-way trust relationship

Microsoft recommends using computer-certificate authentication because it is a much stronger authentication method. Computer-level authentication is performed only for L2TP/IPsec connections.

Computer-level authentication that uses IKE to exchange either computer certificates or a pre-shared key

A corporation has a main office and 12 branch offices. The users and computers are within a single domain. All servers are Windows Server 2008 R2 and Windows Server 2012. All data must be encrypted by using end-to-end encryption. In addition, instead of using user names and passwords, computer-level authentication should be used. Which of the following is the recommended course of action?

Configure L2TP with IPsec and EAP-TLS authentication.

A client network connection tool that helps administrators simplify the management of their remote connections. CM uses profiles that consist of settings that allow connections from the local computer to a remote network

Connection Manager (CM)

Used to create and customize the profiles for CM and to distribute them to users. The profile, once completed, contains all the settings necessary for the user to connect, including the IP address of the VPN server.

Connection Manager Administration Kit (CMAK)

In Windows Server 2016, which of the following are methods to create DNS resource records? (Choose all that apply.)

DNS Manager console; Windows PowerShell; Server Manager IPAM

manages DNS resource records

DNS record administrator

You can open Server Manager IPAM\MONITOR AND MANAGE\DNS and DHCP servers to manage what?

DNS and DHCP server properties

IPAM console provides

DNS record administrator; IP address record administrator; IPAM administrator; IPAM ASM administrator; IPAM DHCP administrator; IPAM DHCP reservation administrator; IPAM DHCP scope administrator; IPAM DNS administrator; IPAM MSM administrator

View displays all the forward lookup and reverse lookup zones on all DNS servers that IPAM is currently managing.

DNS zone monitoring

Verifies that the data sent over the VPN connection has not been modified in transit. This is usually done by using a cryptographic checksum that is based on an encryption key known only to the sender and receiver.

Data integrity

When establishing a VPN connection, which of the following verifies that data has not been modified while in transit?

Data integrity

A ______ connection to a target intranet resource is initiated when the DirectAccess client connects to the DirectAccess server through IPv6. IPsec is then negotiated between the client and server. A connection is then established between the client and the target resource.

DirectAccess

Compared with other forms of remote access, _____ is more complex and has more required components

DirectAccess

Provides seamless intranet connectivity to DirectAccess client computers when they are connected to the Internet

DirectAccess

Which of the following technologies is used to automatically connect to the company network whenever Internet access is available?

DirectAccess

connections are automatically established and they provide always-on seamless connectivity.

DirectAccess

Overcomes the limitations of VPNs by automatically establishing a bidirectional connection from client computers to the organization's network using IPsec and IPv6.

DirectAccess

You can use transition mechanisms such as 6to4 and Teredo transition technology for connectivity across the IPv4 Internet, and the ISATAP IPv6 transition technology so that _____ clients can access IPv6-capable resources across your IPv4-only intranet

DirectAccess

Which tool is available in Windows 7 that allows the diagnosis of DirectAccess connections?

DirectAccess Connectivity Assistant (DCA)

Which authentication protocol should be used to start using smart cards with the VPN?

EAP

Network topology that connects to the edge or DMZ with the firewall, where firewall software is deployed on the edge computer. The edge computer must have two network adapters: one that connects to the internal network and the other to the Internet.

EDGE

When installing and configuring DirectAccess, which of the following topologies should be configured to place the server running Windows Server 2016 connected directly to the Internet?

Edge

Which metric is used by RIP to determine the optimal route?

Hops

Which VPN protocol should be used to use VPN Reconnect?

IKEv2

Automatically establishes a VPN connection when Internet connectivity is available. Only Windows 7, Windows Server 2008 R2, and later support VPN Reconnect.

IKEv2

manages IP addresses but not IP address spaces, ranges, blocks or subnets

IP address record administrator

Can monitor DHCP and DNS servers from any physical location in the organization as well as simultaneously manage multiple DHCP servers or scopes that exist among multiple DHCP servers

IPAM

With Windows Server 2016, _____ can manage resources in its current Active Directory forest as well as remote Active Directory forests

IPAM

You can use ___ to view and check the status and health of selected sets of Windows Server DNS and DHCP servers from a single console and display recent configuration events

IPAM

You can use ____ to audit address utilization, policy compliance, and other information based on the type of servers IPAM is managing.

IPAM

In Server Manager, in which of the following locations is a DHCP policy configured?

IPAM > MONITOR AND MANAGE > DHCP Scopes

members of this group have IPAM users privileges and can perform common IPAM address space management (ASM) tasks and IP address space tasks

IPAM ASM administrator

possess IPAM user privileges and can perform common IPAM address space management (ASM) tasks and IP address space tasks

IPAM ASM administrator

completely manages DHCP servers

IPAM DHCP administrator

manages DHCP reservations

IPAM DHCP reservations administrator

manages DHCP scopes

IPAM DHCP scope administrator

completely manages the DNS server

IPAM DNS administrator

members of this group have IPAM users privileges and can perform common IPAM management tasks and can view IP address tracking information

IPAM IP Audit administrator

possess IPAM users privileges and can perform common IPAM multi-server management (MSM) tasks and server management tasks

IPAM MSM administrator

members of this group have IPAM users privileges and can perform common IPAM multi-server management (MSM) tasks and server management tasks

IPAM MSM administrators

Which of the following is the minimal role that is needed to view IP address space without seeing IP address tracking information?

IPAM Users

members of this group have the privileges to view all IPAM data and perform all IPAM tasks

IPAM administrator

possesses the privileges to view all IPAM data and perform all IPAM tasks

IPAM administrator

users who are members of this group can view server discovery, IP address space, and server management information. Group members can also view IPAM and DHCP server operational events but they cannot view IP address tracking information

IPAM users

DirectAccess relies on which of the following?

IPv6

Before installing DirectAccess you need?

IPv6 and any transitional IPv6 technologies in place, a certificate server, and external and internal DNS entries.

When configuring DirectAccess on Server1, which step needs to be performed to ensure that Server1 can initiate connections to DirectAccess client computers?

Infrastructure Servers

Consists of three protocols: IPsec tunnel mode, Encapsulating Security Payload (ESP), and IKEv2 Mobility and Multihoming (MOBIKE)

Internet Key Exchange v2 (IKEv2)

IPsec uses IKEv2 for key negotiations, ESP for securing the packet transmissions, and MOBIKE for switching tunnel endpoints

Internet Key Exchange v2 (IKEv2)

Designed for remote access VPN; it works well over IPv4 and IPv6 networks and traverses NAT. Also supports user or machine authentication via IKEv2 and uses 3DES and AES for data confidentiality.

Internet Key Exchange v2 (IKEv2)

_____ can be used only when both computers involved in the L2TP tunnel are in the same forest.

Kerberos

Is the domain controller's default protocol for trust

Kerberos v5

Requires that the computers mutually authenticate themselves to each other. The computer-to-computer authentication takes place before the user is authenticated. L2TP provides the tunneling while IPsec provides the security.

Layer 2 Tunneling Protocol (L2TP) with IPsec

VPN connections provide data confidentiality, data integrity and data authentication

Layer 2 Tunneling Protocol (L2TP) with IPsec

Is supported by Windows client operating systems (Windows XP or later) and Windows Server (2003 or later)

Layer 2 Tunneling Protocol (L2TP) with IPsec

Is the industry standard when setting up secure tunnels. Kerberos is the native authentication protocol.

Layer 2 Tunneling Protocol (L2TP) with IPsec

Typically used for remote access and site-to-site VPNs over IPv4 and IPv6, and supports NAT

Layer 2 Tunneling Protocol (L2TP) with IPsec

uses UDP ports 500, 1701, 4500 and uses IPsec for machine authentication

Layer 2 Tunneling Protocol (L2TP) with IPsec

ensures that if a break occurs in connectivity the user can continue without restarting the connection

MOBIKE

You can encrypt data with PPTP only if you use _____ and _____ as the authentication protocols.

MS-CHAPv2; EAP-TLS

Provides two-way authentication (mutual authentication).

Microsoft CHAP version 2 (MS-CHAP v2)

Which of the following is used to translate between private addresses and public addresses?

NAT

enables a local area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.

NAT

Which table is used to determine the behavior of the DNS clients when determining the address of internal resources?

NRPT

Determines whether the client computer is connected to the corporate intranet or the Internet.

Network Connectivity Assistant (NCA)

Which tool is available in Windows 8 that allows the diagnosis of DirectAccess connections?

Network Connectivity Assistant (NCA)

Which server is used to determine if the server is connected to the intranet or the Internet?

Network Location Server

A DirectAccess client uses a _____ to determine its location

Network Location Server (NLS)

It allows multiple computers on a network to connect to the internet through a single IP address

Network address translation (NAT)

used with masquerading to hide an entire address space behind a single IP address.

Network address translation (NAT)

Which of the following allows split tunneling?

Open Advanced TCP/IP Settings and deselect Use default gateway on remote network.

Which authentication protocol is the least secure and, therefore, should not be used?

PAP

Typically used for remote access and site-to-site VPNs with IPv4; uses NAT, which is supported via PPTP-enabled NAT routers

Point-to-Point Tunneling Protocol (PPTP)

uses PPP for user authentication and RC4 for data confidentiality

Point-to-Point Tunneling Protocol (PPTP)

Types of tunneling protocols used with a VPN/RAS server running Windows Server 2016

Point-to-Point Tunneling Protocol (PPTP); Layer 2 Tunneling Protocol (L2TP) with Internet Protocol Security (IPsec); Internet Key Exchange v2 (IKEv2); Secure Socket Tunneling Protocol (SSTP)

Which of the following should be used to manage BGP on Windows Server 2016?

PowerShell cmdlets

SSTP is enabled on a server called Server1. When a user tries to log on, he receives an error: Error 0x80092013: The revocation function is unable to check revocation because the revocation server was offline. The certificate looks fine. Which of the following actions should be taken to overcome this problem?

Publish the CRL distribution point to a site that is available over the Internet.

has been a popular distance-vector routing protocol for small organizations.

RIP

uses broadcast where the entire routing table is sent to the other routers within the network.

RIP

Which of the following can be found in RRAS? (Choose all that apply.)

RIP; NAT; OSPF

RIP was improved with ______ by using multicasts to send the entire routing table to all adjacent routers at the address of 224.0.0.9 instead of using broadcast

RIP version 2 (RIPv2)

After you install RAS you need to enable the server and configure?

RRAS

Microsoft Windows supports the Routing Information Protocol (RIP) through this?

RRAS

you will use ____ to configure RIP or define static routes

RRAS

Which Windows Server 2016 services and applications offer IPv6 support?

Remote Access supports IPv6 routing and advertising, and the DHCP Server role can allocate IPv6 addresses.

Which of the following statements describes the most effective reason for deploying DirectAccess connectivity for remote users?

Remote users' computers can be easily managed and kept up to date.

Which two steps need to be performed on the DNS server so that it can support DirectAccess?

Remove the ISATAP from the DNS global query block. Add a record for the NLS server.

A method of granting access to computer or network resources based on the roles of individual users within an organization. Access allows an individual user to perform specific tasks, such as read or create a file, and open a database.

Role-Based Access Control (RBAC)

Which of the following should be used to enable NAT?

Routing and Remote Access Service (RRAS)

A client configured for DirectAccess is connected to the Internet from home. Which of the following allows you, as the administrator, to verify whether the client can resolve the DirectAccess server called server1.contoso.com?

Run the ping server1.contoso.com command.

As an administrator for an organization, you want to make a server running Windows Server 2016 into a VPN server. However, the networking team allows only HTTPS through the firewall. Which VPN protocol should be used?

SSTP

Improves on the PPTP and L2TP/IPsec VPN tunneling protocols; works by sending PPP or L2TP traffic through a Secure Sockets Layer (SSL) 3.0 channel.

Secure Socket Tunneling Protocol (SSTP)

Designed for remote access VPN; works over IPv4 and IPv6 networks and traverses NAT, firewalls, and web proxies.

Secure Socket Tunneling Protocol (SSTP)

If you need to use a VPN connection behind a firewall that allows only HTTPS, _____ is your only option

Secure Socket Tunneling Protocol (SSTP)

is the most secure VPN protocol

Secure Socket Tunneling Protocol (SSTP)

Supported by Windows Vista SP1 and later and Windows Server 2008 and later.

Secure Socket Tunneling Protocol (SSTP)

Uses SSL and TCP port 443 to relay traffic. TCP port 443 will work in network environments in which other VPN protocols might be blocked when traversing firewalls, NAT devices, and web devices

Secure Socket Tunneling Protocol (SSTP)

uses a generic port that firewalls rarely block. Uses PPP for user authentication and RC4/AES for data confidentiality

Secure Socket Tunneling Protocol (SSTP)

Which tab in the RIP properties dialog box can be used to prevent routes being received from a router located on 10.10.10.10?

Security

Instead of using the DNS Manager console, which of the following tools can be used to create a DHCP scope?

Server Manager IPAM

Which option should be used to make sure that a user can dial in using only her home phone?

Set By Caller

Which one of the Remote Access Management interfaces provides the most control?

The Remote Access Setup Wizard

Which of the following describes why DirectAccess needs certificates?

To support IPsec

Are relationships between domains or forests that enable a user to be authenticated by domain controllers from another domain.

Trust

Which of the following is the easiest way to set up a VPN client on a computer for a nontechnical user?

Use CMAK to create an executable to install.

User-level authentication is usually user name and password. With a VPN connection, if the VPN server authenticates, the VPN client attempts the connection using a PPP user-level authentication method and verifies that the VPN client has the appropriate authorization. If the method uses mutual authentication, the VPN client also authenticates the VPN server. By using mutual authentication, clients are ensured that the client does not communicate with a rogue server masquerading as a VPN server.

User-level authentication by using Point-to-Point Protocol (PPP) authentication

Authentication for VPN connections takes these two forms

User-level authentication by using Point-to-Point Protocol (PPP) authentication; Computer-level authentication that uses IKE to exchange either computer certificates or a pre-shared key

Which of the following is the main advantage of using DirectAccess over VPN connections?

Users don't have to manually connect to the remote network.

designed to provide users with consistent VPN connectivity and automatically reestablishes a VPN when users temporarily lose their internet connection

VPN reconnect (IKEv2)

In most situations, using ______ should provide you the best option for security and uninterrupted VPN connectivity.

VPN reconnect (IKEv2)

link two computers or network devices through a wide area network (WAN) such as the Internet. Because the Internet is a public network and is considered insecure, the data sent between the two computers or devices is encapsulated and encrypted.

Virtual private networks (VPNs)

functions as a software-based router that can be used for lightly trafficked subnets on a small network.

Windows Server 2016

VPN can be used in the following scenarios

a client connects to the RAS to access internal resources from off site; two remote sites connect to each other by creating a VPN tunnel between RAS servers located at each site; two different organizations create a VPN tunnel so users from one organization can privately access the resources in the other organization

Allows you to configure your end-to-end authentication and security for the DirectAccess components. It also allows you to provide secure connections with individual servers that you want to establish secure connections with.

application servers

Proves the identity of the user or computer that tries to connect.

authentication

RIPv2 uses ____ to ensure that routes being distributed throughout the network are coming from authorized sources

authentication

A DirectAccess server cannot

be a domain controller

Network topology that uses the edge device as a firewall solution, where the DirectAccess server has one network adapter connected to the internal network.

behind the firewall with one network adapter

Network topology that uses the edge device as a firewall solution. In this scenario the DirectAccess server is located in a perimeter network behind the edge device

behind the firewall with two network adapters

Is a standardized exterior gateway protocol that exchanges routing and reachability information among autonomous systems (AS) between edge routers on the Internet.

border gateway protocol (BGP)

is unique in using TCP as its transport protocol

border gateway protocol (BGP)

provides scalability which allows the joining of a number of large AS areas and it allows for multihoming which can provide redundancy.

border gateway protocol (BGP)

To create a forest trust?

both domains of the trust must be the forest root domain and have a forest functional level of Windows Server 2003 or higher

Based on a challenge-response authentication that uses the industry standard MD5 hashing scheme to encrypt the response.

challenge handshake authentication protocol (CHAP)

PPTP provides ______, meaning that it prevents the data from being viewed but does not provide data _____ (proof that the data was not modified in transit) or data origin authentication.

confidentiality and integrity

By connecting to the RAS over the Internet a user will be able to?

connect to their organization's network so that they can access data files, read email, and access other applications just as if they were sitting at work

is the easiest and quickest for the user to install

connection manager administration kit (CMAK)

enables you to choose individual services including NAT, LAN routing and VPN access

custom configuration

Ensures data remains private by encrypting it prior to transmission, preventing unauthorized users from accessing it. When it is received, the intended recipient decrypts it. The encryption and decryption depend on the sender and receiver. Both must have a common or related encryption key; larger keys offer better security.

data encryption

DirectAccess should be deployed in one of these network topologies

edge; behind the firewall with two network adapters; behind the firewall with one network adapter

From the IPAM console you can perform the following

edit DHCP server properties; edit DHCP server options; create DHCP scopes; configure predefined options and values; configure the user class across multiple servers simultaneously; create and edit new and existing user classes across multiple servers simultaneously; configure the vendor class across multiple servers simultaneously; start the management console for a selected DHCP server; retrieve server data from multiple servers

Encapsulates or places private data in a packet with a header containing routing information that allows the data to traverse the transit network such as the Internet.

encapsulation

A universal authentication framework that allows third-party vendors to develop custom authentication schemes, including retinal scans, voice recognition, fingerprint identifications, smart cards, Kerberos, and digital certificates.

extensible authentication protocol (EAP)

if you want to use smart cards for remote connections you must use

extensible authentication protocol (EAP)

For more complex networks with heavy network traffic you should use a ___, which provides more reliability and improved network performance

hardware-based router

To determine the distance or cost between networks, RIP uses the metric of ______, which is the count of routers.

hop count

is the count of routers

hop count

Allows you to configure how the clients access the core infrastructure services, such as Active Directory domain controllers and DNS servers. You also specify an internal web server that can provide location services for infrastructure components to your DirectAccess clients.

infrastructure servers

Traffic that is routed within a single network AS is referred to as?

internal BGP

Domain controllers authenticate users via either _____ or ______?

Kerberos v5; NT LAN (NTLM)

Operate at layer 2 of the OSI model and are used to connect a host to a network by performing packet switching that allows traffic to be sent only to where it needs to be sent, based on mapping MAC addresses of local devices

layer 2 switches

Can perform layer 2 switching but can also perform routing based on IP addresses within an organization.

layer 3 switches

Remote access Logging tab logging levels include

log errors only; log errors and warnings; log all events; do not log any events

The PPP frame is encrypted with?

Microsoft Point-to-Point Encryption (MPPE) with RC4 (128-bit key)

contains the settings used by the DNS client on the computer that determines what happens to DNS queries

name resolution policy table (NRPT)

sets up the server to provide NAT services to clients on the private network that need to access the internet

network address translation (NAT)

the DirectAccess server must have at least __ network adapter connected to the domain network.

one

when selecting an appropriate VPN protocol you need to consider the?

operating system, authentication requirements and limitations

Uses plaintext (unencrypted passwords). PAP is the least secure authentication and is not recommended.

password authentication protocol (PAP)

A VPN protocol based on the legacy Point-to-Point (PPP) protocol used with modems. Has widespread support with nearly all versions of Windows.

point to point tunneling protocol (PPTP)

uses TCP port 1723 and IP protocol ID 47.

point to point tunneling protocol (PPTP)

uses a Transmission Control Protocol (TCP) connection for tunnel management and a modified version of Generic Route Encapsulation (GRE) to encapsulate PPP frames for tunneled data.

point to point tunneling protocol (PPTP)

Encapsulates the EAP with an encrypted and authenticated Transport Layer Security (TLS) tunnel.

protected extensible authentication protocol (PEAP)

The NAT computer or device is usually a router or proxy server. As a result, you can?

provide a type of firewall by hiding internal IP addresses; enable multiple internal computers to share a single external public IP address

sets up the server to accept incoming remote access connections (dial-up or VPN)

remote access (dial-up or VPN)

RRAS wizard offers these five options

remote access (dial-up or VPN); network address translation (NAT); virtual private network (VPN) access and NAT; secure connection between two private networks; custom configuration

To configure DirectAccess itself, use

remote access management console

Configures the network connections based on one or two network cards and which adapters are internal and which adapters are external. You can also specify the use of smart cards and specify the certificate authority (CA) to use for DirectAccess to provide secure communications.

remote access server

enables users to connect remotely to a network using various protocols and connection types.

remote access server (RAS)

Allows you to specify which clients within your organization can use DirectAccess. You specify the computer groups that you want to include and specify if you want to include Windows 7 clients.

remote clients

Which command can be used to create a static route on a server running Windows Server 2016?

route

to view or configure the routing table from the command line use

route.exe

join subnets together to form larger networks and join networks together over extended distances or WANs. They can also connect dissimilar LANs such as an ethernet LAN to a fiber distributed data interface (FDDI)

routers

Operate at the OSI reference model layer 3, the network layer. Therefore they are sometimes referred to as layer 3 devices.

routers

The process of selecting paths in a network where data will be sent.

routing

is required to send traffic from one subnet to another within an organization, and it is required to send traffic from one organization to another.

routing

is a unit calculated by routing algorithm to determine the optimal route for sending network traffic.

routing metric

is a data table that is stored in a router or networked computer that lists the routes of particular network distances and the associated metrics or distances associated with those routes.

routing table

sets up a demand-dial or persistent connection between two private networks

secure connection between two private networks

requires the most knowledge for the user who is creating the connection because the user must specify all necessary options

set up a connection (network wizard)

When you create a connection using the ____, you are manually creating a VPN connection that will allow you to connect to a VPN server. This method gives you more control of the VPN options

set up a connection (network wizard)

allows routed connections to the remote site or network while helping to maintain secure communications over the Internet

site to site VPN connection

can be used to connect branch offices to an organization's primary site, or to connect one organization to the network of another organization.

site to site VPN connection

connects two private networks.

site to site VPN connection

When networks are connected over the Internet, a VPN-enabled router forwards packets to another VPN-enabled router across a VPN connection.

site to site VPN connection

If you want to route your Internet browsing through your home Internet connection rather than going through the corporate network, you can disable the "Use default gateway on remote network" option. Disabling this option is called using a?

split tunnel

NAT device or proxy server uses ______ translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing IP packets on exit so that they appear to originate from the router.

stateful

The routing tables are manually created with _____ or are dynamically created with routing protocols such as Routing Information Protocol (RIP), based on the current routing topology

static routes

are best suited for small, single paths that don't change much.

static-routed IP

When selecting the appropriate VPN protocol to use, consider the following

the operating system you will be using; the client's need, and ability, to traverse firewalls, NAT devices and web proxies; authentication requirements for computers as well as users; implementations such as site-to-site VPN or a remote access VPN

To use DirectAccess

the server must be part of an Active Directory

True or False: As WAN traffic travels multiple routes, the router chooses the fastest or cheapest route between the source and destination while sometimes taking into consideration the current load

true

is a trust that goes in both directions.

two way trust

To manage remote DNS and DHCP servers, you need to have a?

two-way trust with the forest where IPAM is installed.

With IPAM you can do the following

view DNS servers and zones; create new zones; open the DNS console; create DNS records; manage conditional forwarders

sets up the server to support incoming VPN connections and to provide NAT services

virtual private network (VPN) access and NAT

Turning off ____ will disable DirectAccess

Windows Firewall

Operating systems the CMAK wizard can be run on

Windows Vista and above; Windows Server 2003, Windows XP or Windows 2000

