Final: 70-411 Chapter: Chapters 8-14

to verify a user’s identity
Authentication is used for what purpose?
to grant access to a user
Authorization is used for what purpose?
recording user’s actions
Auditing is used for what purpose?
IP addresses
The Domain Name System (DNS) works much like a phone book to associate URLs (names) with what kinds of numbers?
53
Which TCP/UDP port does the DNS service use to communicate?
Fully Qualified Domain Name
What does the acronym FQDN stand for?
sales.microsoft.com
Which one of the following is an example of an FQDN?
hierarchical distributed
What type of structure does DNS have?
.net
Which of the following is an example of a top-level domain?
blah.com
Which of the following is an example of a second-level domain?
host
A specific, individual computer or other network device in a domain is known as what?
DNS resolver
What is another term for DNS client?
forward lookup zone
Which type of DNS zone resolves host names to IP addresses?
multi-master
By using the Active Directory’s integrated zone, DNS follows what kind of model?
fault tolerance
What is one of the primary advantages to using Active Directory to store DNS information?
They allow you to break up larger domains into smaller, more manageable ones.
What is one advantage of subdomains?
necessary resource entries
A stub zone is a zone copy that contains only what type of records?
It speeds DNS queries by building a DNS request cache.
What is the primary advantage of a caching-only DNS server?
canonical name or CNAME
What is another designation for an Alias?
the zone serial number
A Start of Authority record specifies what kind of information about a zone?
a CNAME record
If you have a server named server1.blah.com, want to use it as your web server, and have requests point to www.blah.com, what kind of DNS record would you create?
reverse lookup zones
Before creating PTR records, what DNS objects must you create?
the length of time a record remains in DNS cache
What does Time to Live (TTL) mean in DNS parlance?
balanced
Round-robin DNS is a term that refers to what kind of distribution mechanism for DNS responses to queries?
ipconfig /all
Which command do you use to verify local DNS settings?
It places you into nslookup’s interactive mode.
What does issuing the nslookup command with no parameters do on your system?
SOA record
Which DNS record contains the serial number for the zone?
AD server
Which of the following is an example of an SRV record?
delete resource records
You can use the dnscmd command to create zones. What other tasks can you perform with it?
maps a host name to a single IPv6 address
If an A record maps a host name to an IP address, what does an AAAA record do?
nslookup 192.168.1.50
Which one of the following is correct for querying a PTR record?
Execute ipconfig /registerdns.
How can you force a system to update its DNS record?
The PTR record doesn’t exist.
If you issue the command nslookup 192.168.1.50 and get no response, but then issue nslookup server1 and receive 192.168.1.50 as a response, what do you know is wrong?
They no longer supply acceptable bandwidth.
Why are phone lines and ISDN not used today for remote access services (RAS)?
two network interface cards
What special hardware configuration should a RAS server have?
for enhanced security
Why would you set Verify Caller ID on a remote dial-up connection for a user?
Create and distribute an executable file that contains all the settings.
What is the most efficient way to deploy VPN (virtual private network) configurations to hundreds of users?
if your users have laptop computers and work from home or office
When would you want to use a split tunnel for users?
encapsulation
What term is defined as private data placed in a packet with a header containing routing information that allows the data to traverse a transit network, such as the Internet?
You can’t ping that interface.
What is the result of enabling security on the RRAS interface in your RAS server?
VPN traffic is encrypted.
Why use a VPN for client-to-server connections over the Internet?
by cryptographic checksum
How is data verified when transferred through the Internet?
PPTP
Of the four VPN tunneling protocols, which has the weakest encryption?
PAP
Which authentication method is weakest (least secure)?
MS-CHAPv2
Which authentication protocol allows you to change an expired password during the connection process?
IKEv2
Which VPN protocol provides constant connectivity?
for light traffic on small networks
When is it appropriate to use Windows Server 2012 as a router between two networks?
through the use of RIP
How are routing tables created dynamically?
Windows 7/Windows Server 2008 R2
DirectAccess was introduced with which workstation/server pair?
bi-directional
What kind of connectivity does DirectAccess establish between workstation and server?
web
What type of server is the network location server (NLS)?
Intra-Site Automatic Tunnel Addressing Protocol
What does the acronym ISATAP stand for?
Remote Access Management Console
What utility do you use to configure DirectAccess?
two consecutive public IP addresses
Windows Server 2012 varies from the Windows Server 2008 R2 implementation in that it does not require which one of the following?
The DirectAccess server must be part of an Active Directory domain.
What is the most basic requirement for a DirectAccess implementation?
IP-HTTPS
If the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling, the client tries to connect using what protocol?
shows the NRPT rules as configured on the group policy
What does the netsh namespace show policy command do?
determines the results of network location detection and the IPv6 addresses of the intranet DNS servers
What does the netsh namespace show effectivepolicy command do?
seamless and always on
What kind of connectivity does DirectAccess provide between client computers and network resources?
Internet
DirectAccess is for clients connected to which network?
computer and user credentials
How do the DirectAccess server and DirectAccess client authenticate each other?
Windows Server 2008
Which one of the following operating systems may not act as a DirectAccess client?
an AD domain
In addition to meeting operating system requirements, a DirectAccess client must be a member of what?
a RADIUS proxy server
What kind of RADIUS server is placed between the RADIUS server and RADIUS clients?
authorization
What process determines what a user is permitted to do on a computer or on a network?
Network Policy Server
What is a RADIUS server known as in Microsoft parlance?
1812 and 1813
Which ports do Microsoft RADIUS servers use officially?
the NPS server
When an access client contacts a VPN server or wireless access point, a connection request is sent to what system?
the access server
Which system, in a RADIUS infrastructure, handles the switchboard duties of relaying requests to the RADIUS server and back to the client?
an Accounting-Response to the access server
What is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?
RADIUS server
To configure RADIUS service load balancing, you must have more than one kind of what system per remote RADIUS server group?
priority
Which parameter specifies the order of importance of the RADIUS server to the NPS proxy server?
templates
Using what feature can streamline the creation and setup of RADIUS servers?
the type of service and the user it’s delivered to
What information does the Accounting-Start message contain?
the RADIUS accounting server
Which system is the destination for Accounting-Start messages?
certificate
What type of NPS authentication is recommended over password authentication?
Usernames and passwords are sent in plain text.
Why is password-based authentication not recommended?
a certificate authority
Where do you get certificates for authentication purposes?
who, when, and how
An NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?
group membership
Which variable can be set to authorize or deny a remote connection?
RADIUS
The default connection request policy uses NPS as what kind of server?
locally
Where is the default connection policy set to process all authentication requests?
how IP addresses are assigned
What is the last setting in the Routing and Remote Access IP settings?
netsh
What command-line utility is used to import and export NPS templates?
XML
To which type of file do you export an NPS configuration?
when the source NPS database has a higher version number than the version number of the destination NPS database
When should you not use the command-line method of exporting and importing the NPS configuration?
who is authorized to connect AND the connection circumstances for connectivity
Network policies determine what two important connectivity constraints?
constraints
When the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.
denies
If a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
Shared Secrets AND Health Policies AND RADIUS Clients
Identify the correct NPS templates. Select all that apply.
Client May Request an IP Address AND Server Must Supply an IP Address
Which two of the following are Routing and Remote Access IP settings?
Server Settings Determine IP Address Assignment
Which Routing and Remote Access IP setting is the default setting?
MPPE 128-Bit
Which of the following is the strongest type of encryption?
a computer’s overall health
Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what?
NPS, NPS
Because NAP is provided by _________, you need to install _________ to install NAP.
IPv6
DHCP enforcement is not available for what kind of clients?
Anti-virus/anti-malware servers AND Software update servers
Identify two remediation server types.
read-only
What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
isolation
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
netsh nap client show state
To verify a NAP client’s configuration, which command would you run?
Security Center AND NAP Agent
Which two components must a NAP client have enabled in order to use NAP?
to provide user information in case of a compliance failure
Why do you need a web server as part of your NAP remediation infrastructure?
the NAP Server Event Viewer
Where do you look to find out which computers are blocked and which are granted access via NAP?
NAP-compliant AND NAP-noncompliant
Health policies are in pairs. What are the members of the pair? Select two.
the computers are running Windows Update
You should restrict access only for clients that don’t have all available security updates installed if what situation exists?
The computer is isolated.
What happens to a computer that isn’t running Windows Firewall?
network policies AND connection request policies
Health policies are connected to what two other policies?
pass all SHV checks
To use the NAP-compliant policy, the client must do what?
locally connected computers
Which computers are not affected by VPN enforcement?
NTLM
What is the default authentication protocol for non-domain computers?
NT LAN Manager
What does the acronym NTLM stand for?
sending a password to the server
NTLM uses a challenge-response mechanism for authentication without doing what?
a secure network authentication protocol
What type of protocol is Kerberos?
secret key
Kerberos security and authentication are based on what type of technology?
5 minutes
What is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?