Networking with Windows Server 2016 (Exam 70-741)

Where do you go to enable round robin in the DNS console?

open the Properties of the server

What is stored in a trust anchor on a DNS server?

preconfigured public keys that are associated with a specified zone

What prevents a range of IP addresses within a DHCP scope from being leased to any computer?

scope exclusion

What type of NIC Teaming is supported in Active/Standby (Active/Passive) mode?

stand-alone NIC Teaming

What switch of the Dnscmd command allows you to specify specific netmask ordering settings?

the /LocalNetPriorityNetMask switch

When Response Rate Limiting (RRL) is configured on the DNS server, which cmdlet will mitigate DNS amplification attacks by identifying subnets as benign?

the Add-DnsServerResponseRateLimitingExceptionlist cmdlet

What resource record on a DNS server represents the trust anchor?

the DNSKEY or DS resource record

When executing the New Network Policy Wizard, which condition will restrict the policy to clients that meet the health criteria in the policy that you specify?

the Health Policies condition

Which parameter in the Invoke-IpamGpoProvisioning cmdlet will add the IPAM server to the universal group named IPAMUG?

the IpamServerFqdn parameter

When executing the New Connection Request Policy Wizard, which condition will restrict the policy to only clients that use a certain access media type, such as ISDN or VPN?

the NAS Port type condition

Which cmdlet would enable support for GlobalNames zones on a DNS?

the Set-DnsServerGlobalNameZone cmdlet

Which switch of the DNSLint utility is used to verify DNS records used for Active Directory replication?

/ad

Which DHCP option number specifies the DNS domain name that the client should use for DNS computer name resolution?

015

Which type of zone prevents the DNS server from looking outside the zones on the DNS server to resolve a name?

A root zone

Which type of zone will prevent the use of forwarders or the use of root DNS servers listed in the Root Hints tab of the DNS server?

A root zone

What would you type at the PowerShell prompt to add the security group that contains DirectAccess clients named DirectAccessClients in the nutex.com domain?

Add-DAClient -SecurityGroupNameList @('nutex.com\DirectAccessClients')

If IPAM discovery fails, which cmdlet can you run to add the computer running the DHCP server service to the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD)?

Add-DhcpServerInDC

If IPAM discovery fails, which cmdlet adds a new infrastructure server to the IP Address Management (IPAM) server inventory?

Add-IpamServerInventory

Which cmdlet creates an extended Access Control List (ACL) for a virtual network adapter that allows you to deny or allow inbound and outbound connections to a virtual machine on a Hyper-V host based on ports numbers, such as 3389? Answer:

Add-VMNetworkAdapterExtendedAcl

Which cmdlet should you use to ensure that a VPN is not autotriggered when you launch an application while your computer is on a specific network?

Add-VpnConnectionTriggerTrustedNetwork

Which maintenance task of an IPAM server collects current and historical IP address space usage?

AddressUtilization

How can you view cached lookups on a Windows DNS server?

By clicking View from the menu at the top of DNS Manager and clicking Advanced.

How can you make a static DNS record eligible for scavenging?

Check the Delete this record when it becomes stale checkbox on the properties of the record.

How can you ensure that DFS links are fault tolerant if the DFS root goes down?

Create DFS link replicas

What should you do to ensure that only authenticated users are able to register their records in the DNS zone?

Create an Active Directory-integrated zone and configure the zone for secure dynamic updates only

Which feature of Windows Server 2016 provides each downstream DFS server with an exported copy of the upstream server's DFSR database and preseeded files?

DFSR database cloning

What happens to client requests for hosts outside of nutex.com if you add a root zone to a DNS server that hosts the Active Directory zone nutex.com?

DNS client requests will not be forwarded, nor will the request be sent to a root hints server.

What condition of a Network Policy on a Network Policy Server must you configure to limit the dial-in hours for users connecting to a VPN server?

Day and time restrictions

Which cmdlet allows you to register the service connection point in Active Directory for a Hosted Cache server?

Enable-BCHostedServer

Which PowerShell cmdlet would you use to enable Remote Direct Memory Access on a network adapter?

Enable-NetAdapterRDMA

Which cmdlet exports a cloned DFS database from a source server?

Export-DfsrClone

Which IPv6 prefix is a link-scoped unicast allocation?

FE80::/10

Which IPv6 prefix is a multicast allocation?

FF00::/8

Which VPN tunneling protocol allows you to have a tunnel that uses the VPN Reconnect feature in Windows 7 and above?

IKEv2

Which feature in Windows Server provides a central framework for managing your IP address space and corresponding infrastructure servers such as DNS and DHCP?

IP Address Management (IPAM)

Which Hyper-V feature offloads the per-packet encryption operations from the VM to the NIC, resulting in substantial CPU savings?

IPsec Task Offload (IpsecTO)

What technology uses 32-bit IP addresses and allows for the use of 4 billion addresses?

IPv4

What IPv6 transition technology defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4?

ISATAP

Which cmdlet imports a cloned DFS database to a destination server?

Import-DfsrClone

What should you do to ensure that a DHCP server is automatically authorized when you add the server to the DHCP console for the first time?

Install DHCP on a computer that is also running as a domain controller.

What's the difference between privileges of the IPAM Users group and the IPAM IP Audit Administrators group?

Members of the IPAM IP Audit Administrators group can view IP address tracking information.

Which component of the SOA record shows the value supplied in query responses to inform other servers how long they should keep the data in cache, and applies to all resource records in the zone file?

Minimum TTL

In a S2S VPN, which type of network are assigned priorities to the different packets based on what the labels state on that packet?

Multi-Protocol Label Switching (MPLS)

Which table on DNS client computers stores configuration settings for DNSSEC and DirectAccess?

Name Resolution Policy Table (NRPT)

Which PowerShell command would you use to configure a NAT network named MyNATNetwork that is connected to the internal subnet of 192.168.100.0/24?

New-NetNat -Name MyNATNetwork -InternalIPInterfaceAddressPrefix 192.168.100.0/24

If a client has a DHCP reservation, the DHCP allow list is not enabled, and the client is on the DHCP deny list, will the client receive an IP address from the DHCP server?

No. You'll have to remove the MAC address for that client from the deny list.

If a client has a DHCP reservation, there is a DHCP allow list enabled, and the client is not on the DHCP allow list, will the client receive an IP address from the DHCP server?

No. You'll need to add the client's MAC address to the list.

How can you see the unique GPO prefix name that IPAM uses to create the group policy objects after you have installed IPAM?

Open Server Manager, choose IPAM, choose Overview, and choose Provision the IPAM server.

What technology do you use to allow applications that do not support IPv6 to communicate with IPv6 hosts?

Port Proxy

What cmdlet generates hashes for files in shared folders on a file server that have BranchCache enabled and the BranchCache for Network Files role service installed?

Publish-BCFileContent

Which feature of the Routing and Remote access role enables site-to-site connectivity between remote tenant networks and your datacenter using IPSec, Generic Routing Encapsulation (GRE) or Layer 3 Forwarding?

RAS gateway

Which RFC describes the DHCP/ BOOTP relay agent capabilities required by connected routers to support and use the DHCP service across multiple subnets

RFC 1542

Which component of the SOA record shows the time, in seconds, a secondary DNS server waits before querying the primary DNS server's SOA record to check for changes?

Refresh Time

What would you type at the PowerShell prompt to remove the default Domain Computers security group in the nutex.com domain from being DirectAccess clients?

Remove-DAClient -SecurityGroupNameList @('nutex.com\DirectAccessClients')

Which cmdlet deletes IP address audit events from the IPAM database?

Remove-IpamIpAddressAuditEvent

What are two ways to display the IPv6 route table on a Windows Server 2016 server from the PowerShell prompt?

Run either the netstat -r command or the Get-NetRoute cmdlet from the PowerShell prompt.

What is the process that divides up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers?

zone delegation

Which cmdlets would you use to capture unassigned IPv4 address from a specified DHCP scope and exclude the IPv4 addresses from that scope?

Run the Get-DhcpServerv4FreeIPAddress cmdlet and the Add-DhcpServerv4ExclusionRange cmdlet

Which component of the SOA record will increment each time the zone file is changed?

Serial number

Which maintenance task of an IPAM server discovers DHCP servers, domain controllers, and DNS servers in the domains you select?

ServerDiscovery

When using DHCPv6, how should you set the M and O flags to ensure that the clients receive IP addresses but not configuration information?

Set the M flag to 1 and the O to 0

Which cmdlet allows you to modify the connection schedule between members of a replication group?

Set-DfsrGroupSchedule

What Windows PowerShell command will specify that the nutex.com zone allows both secure and nonsecure dynamic updates?

Set-DnsServerPrimaryZone -Name "nutex.com" -DynamicUpdate

Which PowerShell command will enable RSS on any network adapter on your virtual machine?

Set-NetAdapterRss -Name * -Enabled $true

Which PowerShell command would you use to disable SMB Multichannel on the client side?

Set-SmbClientConfiguration -EnableMultiChannel $false

Which type of NPS template allows you to specify a password that you can reuse when configuring RADIUS clients and servers in the NPS console by selecting a template?

Shared secrets

Which data path element in Software Defined Networking (SDN) enables site-to-site connectivity between two autonomous systems?

Software Defined Networking (SDN) RAS gateway

Which technology in Windows Server 2016 distributes tenant network traffic among virtual network resources, and provides high availability and scalability by allowing multiple servers to host the same workload?

Software Load Balancing (SLB)

Which interface in software defined networking (SDN) that enable communication between the SDN controller and the network nodes (both physical or virtual switches and routers) so that the router can discover the network topology, define network flows, and implement requests relayed to it?

Southbound API

Which cmdlet is used to force replication between members of a DFS replication group?

Sync-DfsReplicationGroup

What Windows Server 2016 functionality allows communication between IPV6 and IPV4 networks that are behind NAT servers when you cannot use ISATAP or 6to4?

Teredo

Which cmdlet and parameter will retrieve statistics based on zone queries, zone transfers, and zone updates?

The Get-DnsServerStatistics cmdlet with the - ZoneName parameter

Which zone is designed to resolve single-label names?

The GlobalNames zone

Which output from the command Get-DnsServerStatistics -ZoneName nutex.com will display the number of queries not responded to successfully?

The ZoneQueryStatistics object, which contains information on queries received, queries responded, queries failed, and name error statistics

Which output from the command Get-DnsServerStatistics -ZoneName nutex.com will display the number of AXFR and IXFR transactions?

The ZoneTransferStatistics object, which contains zone transfer information on requests received, requests sent, and responses received, successfully received, and successfully sent

If a DNS server has both a conditional forwarder defined for a given domain and a server level forwarder, which forwarder will be used to resolve a query in the given domain?

The conditional forwarder

What is the function of the default referral settings in DFS?

The default settings present the user with a random list of DFS servers in their site from which to choose.

How should you configure the domain account in VMM to integrate IPAM and VMM?

The domain account should be created to be a ?Run As? account on the VMM.

Why would you get the error *** ns.domain.com can't find child.domain.com.: Non-existent domain when using the nslookup utility to query records in a child domain?

The name server does not allow zone transfers to the zone that contains records for the child domain

Why would you get the error *** Can't find server name for address w.x.y.z: Timed out when starting the nslookup utility?

The name server does not exist or the name server does not have a PTR record in a reverse lookup zone

When configuring MAC address ranges on different Hyper-V hosts, what guidelines should you follow?

The ranges that you specify cannot overlap. The first three octets of the beginning and ending MAC address must be the same. You must enter a valid hexadecimal values between 00 and FF.

What will happen if all scopes on a DHCP server are deactivated, but the DHCP server is authorized?

The scope must be activated to issue IP addresses to clients on the subnet

How can you tell if a zone is signed in DNS Manager?

The zone will have a lock icon next to it.

When you set the Active Directory DNS zone to support only secure dynamic updates, how can Linux computers register (A) and (AAAA) records in the DNS zone?

They cannot. Secure dynamic updates only register host records for computers that are members of the domain.

What is the role of the Teredo server?

To assist the Teredo clients with address configuration and to facilitate IPv6 connectivity on an IPv4 Internet

If a DHCP server is connected to two subnets, what should you do to ensure that the DHCP server does NOT assign addresses on one of the subnets?

Unbind DHCP from the network interface card (NIC) connected to the subnet to which you do not want to assign IP addresses.

Which three role services are included in the Windows Server 2016 Remote Access server role?

VPN and DirectAccess (also known as Remote Access Service, or RAS), Routing, and Web Application Proxy

What is the purpose of the user class option in Dynamic Host Configuration Protocol (DHCP)?

You can group computers with similar configuration needs within one scope.

What concept or feature can be used to host a test DNS zone only on a specific set of DNS servers?

You could utilize an application directory partition for that purpose, since you can specify the set of servers allowed to hold the partition.

What are the topology requirements for installing IPAM on a Windows Server?

You must install IPAM on a single-purpose Windows Server that is a domain member. You cannot install IPAM on a domain controller.

When executing the New Connection Request Policy Wizard, which condition will ensure that only requests from a specific VPN server are forwarded to the Network Policy server?

You will need to specify the Client IPv4 address condition

What must you have for an IPAM server running Windows Server 2016 to discover DNS and DHCP servers in another forest?

a domain account that is created as a ?Run As? account on the VMM

What type of DNS zone is a complete copy of all the records in the parent zone?

a secondary zone

What type of DNS zone is a partial copy of the forward lookup records, and includes only the records of the DNS servers that hold the primary or secondary files?

a stub zone

At what level(s) must DNS record scavenging be enabled?

at both the server level and the zone level

By default, what is the name of the DNS debug log on a DNS server in Windows Server 2012 and above?

debugdnslog.txt

Which component of the SOA record contains the name of the person responsible for administering the domain's zone file?

e-mail address of the person responsible

On which DNS server must trust anchors be configured?

every non-authoritative DNS server that will attempt to validate DNS data

Even though a fd00::/8 unique local address (ULA) is not meant to be routed outside an administrative domain (site or organization), why can administrators use this ULA when routing interconnection networks?

the risk of address collision is extremely small if networks require routing ULAs

What are the implications if IPAM is installed on the same server as DHCP Server?

then DHCP server discovery will be disabled