to verify a user’s identityAuthentication is used for what purpose?
to grant access to a userAuthorization is used for what purpose?
recording user’s actionsAuditing is used for what purpose?
IP addressesThe Domain Name System (DNS) works much like a phone book to associate URLs (names) with what kinds of numbers?
53Which TCP/UDP port does the DNS service use to communicate?
Fully Qualified Domain NameWhat does the acronym FQDN stand for?
sales. microsoft. comWhich one of the following is an example of an FQDN?
hierarchical distributedWhat type of structure does DNS have?
. netWhich of the following is an example of a top-level domain?
blah. comWhich of the following is an example of a second-level domain?
hostA specific, individual computer or other network device in a domain is known as what?
DNS resolverWhat is another term for DNS client?
forward lookup zoneWhich type of DNS zone resolves host names to IP addresses?
multi-masterBy using the Active Directory’s integrated zone, DNS follows what kind of model?
fault toleranceWhat is one of the primary advantages to using Active Directory to store DNS information?
They allow you to break up larger domains into smaller, more manageable ones. What is one advantage of subdomains?
necessary resource entriesA stub zone is a zone copy that contains only what type of records?
It speeds DNS queries by building a DNS request cache. What is the primary advantage of a caching-only DNS server?
canonical name or CNAMEWhat is another designation for an Alias?
the zone serial numberA Start of Authority record specifies what kind of information about a zone?
a CNAME recordIf you have a server named server1. blah. com, want to use it as your web server, and have requests point to www. blah. com, what kind of DNS record would you create?
reverse lookup zonesBefore creating PTR records, what DNS objects must you create?
the length of time a record remains in DNS cacheWhat does Time to Live (TTL) mean in DNS parlance?
balancedRound-robin DNS is a term that refers to what kind of distribution mechanism for DNS responses to queries?
ipconfig /allWhich command do you use to verify local DNS settings?
It places you into nslookup’s interactive mode. What does issuing the nslookup command with no parameters do on your system?
SOA recordWhich DNS record contains the serial number for the zone?
AD serverWhich of the following is an example of an SRV record?
delete resource recordsYou can use the dnscmd command to create zones. What other tasks can you perform with it?
maps a host name to a single IPv6 addressIf an A record maps a host name to an IP address, what does an AAAA record do?
nslookup 192. 168. 1. 50Which one of the following is correct for querying a PTR record?
Execute ipconfig /registerdns. How can you force a system to update its DNS record?
The PTR record doesn’t exist. If you issue the command nslookup 192. 168. 1. 50 and get no response, but then issue nslookup server1 and receive 192. 168. 1. 50 as a response, what do you know is wrong?
They no longer supply acceptable bandwidth. Why are phone lines and ISDN not used today for remote access services (RAS)?
two network interface cardsWhat special hardware configuration should a RAS server have?
for enhanced securityWhy would you set Verify Caller ID on a remote dial-up connection for a user?
Create and distribute an executable file that contains all the settings. What is the most efficient way to deploy VPN (virtual private network) configurations to hundreds of users?
if your users have laptop computers and work from home or officeWhen would you want to use a split tunnel for users?
encapsulationWhat term is defined as private data placed in a packet with a header containing routing information that allows the data to traverse a transit network, such as the Internet?
You can’t ping that interface. What is the result of enabling security on the RRAS interface in your RAS server?
VPN traffic is encrypted. Why use a VPN for client-to-server connections over the Internet?
by cryptographic checksumHow is data verified when transferred through the Internet?
PPTPOf the four VPN tunneling protocols, which has the weakest encryption?
PAPWhich authentication method is weakest (least secure)?
MS-CHAPv2Which authentication protocol allows you to change an expired password during the connection process?
IKEv2Which VPN protocol provides constant connectivity?
for light traffic on small networksWhen is it appropriate to use Windows Server 2012 as a router between two networks?
through the use of RIPHow are routing tables created dynamically?
Windows 7/Windows Server 2008 R2DirectAccess was introduced with which workstation/server pair?
bi-directionalWhat kind of connectivity does DirectAccess establish between workstation and server?
webWhat type of server is the network location server (NLS)?
Intra-Site Automatic Tunnel Addressing ProtocolWhat does the acronym ISATAP stand for?
Remote Access Management ConsoleWhat utility do you use to configure DirectAccess?
two consecutive public IP addressesWindows Server 2012 varies from the Windows Server 2008 R2 implementation in that it does not require which one of the following?
The DirectAccess server must be part of an Active Directory domain. What is the most basic requirement for a DirectAccess implementation?
IP-HTTPSIf the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling, the client tries to connect using what protocol?
shows the NRPT rules as configured on the group policyWhat does the netsh namespace show policy command do?
determines the results of network location detection and the IPv6 addresses of the intranet DNS serversWhat does the netsh namespace show effectivepolicy command do?
seamless and always onWhat kind of connectivity does DirectAccess provide between client computers and network resources?
InternetDirectAccess is for clients connected to which network?
computer and user credentialsHow do the DirectAccess server and DirectAccess client authenticate each other?
Windows Server 2008Which one of the following operating systems may not act as a DirectAccess client?
an AD domainIn addition to meeting operating system requirements, a DirectAccess client must be a member of what?
a RADIUS proxy serverWhat kind of RADIUS server is placed between the RADIUS server and RADIUS clients?
authorizationWhat process determines what a user is permitted to do on a computer or on a network?
Network Policy ServerWhat is a RADIUS server known as in Microsoft parlance?
1812 and 1813Which ports do Microsoft RADIUS servers use officially?
the NPS serverWhen an access client contacts a VPN server or wireless access point, a connection request is sent to what system?
the access serverWhich system, in a RADIUS infrastructure, handles the switchboard duties of relaying requests to the RADIUS server and back to the client?
an Accounting-Response to the access serverWhat is the final step in the authentication, authorization, and accounting scenario between an access client and the RADIUS server?
RADIUS serverTo configure RADIUS service load balancing, you must have more than one kind of what system per remote RADIUS server group?
priorityWhich parameter specifies the order of importance of the RADIUS server to the NPS proxy server?
templatesUsing what feature can streamline the creation and setup of RADIUS servers?
the type of service and the user it’s delivered toWhat information does the Accounting-Start message contain?
the RADIUS accounting serverWhich system is the destination for Accounting-Start messages?
certificateWhat type of NPS authentication is recommended over password authentication?
Usernames and passwords are sent in plain text. Why is password-based authentication not recommended?
a certificate authorityWhere do you get certificates for authentication purposes?
who, when, and howAn NPS policy is a set of permissions or restrictions that determine what three aspects of network connectivity?
group membershipWhich variable can be set to authorize or deny a remote connection?
RADIUSThe default connection request policy uses NPS as what kind of server?
locallyWhere is the default connection policy set to process all authentication requests?
how IP addresses are assignedWhat is the last setting in the Routing and Remote Access IP settings?
netshWhat command-line utility is used to import and export NPS templates?
XMLTo which type of file do you export an NPS configuration?
when the source NPS database has a higher version number than the version number of the destination NPS databaseWhen should you not use the command-line method of exporting and importing the NPS configuration?
who is authorized to connect AND the connection circumstances for connectivityNetwork policies determine what two important connectivity constraints?
constraintsWhen the Remote Access server finds an NPS network policy with conditions that match the incoming connection attempt, the server checks any _______________ that have been configured for the policy.
deniesIf a remote connection attempt does not match any configured constraints, what does the Remote Access server do to the connection?
Shared Secrets AND Health Policies AND RADIUS ClientsIdentify the correct NPS templates. Select all that apply.
Client May Request an IP Address AND Server Must Supply an IP AddressWhich two of the following are Routing and Remote Access IP settings?
Server Settings Determine IP Address AssignmentWhich Routing and Remote Access IP setting is the default setting?
MPPE 128-BitWhich of the following is the strongest type of encryption?
a computer’s overall healthNetwork Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what?
NPS, NPSBecause NAP is provided by _________, you need to install _________ to install NAP.
IPv6DHCP enforcement is not available for what kind of clients?
Anti-virus/anti-malware servers AND Software update serversIdentify two remediation server types.
read-onlyWhat type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
isolationWhen you fully engage NAP for remediation enforcement, what mode do you place the policy in?
netsh nap client show stateTo verify a NAP client’s configuration, which command would you run?
Security Center AND NAP AgentWhich two components must a NAP client have enabled in order to use NAP?
to provide user information in case of a compliance failureWhy do you need a web server as part of your NAP remediation infrastructure?
the NAP Server Event ViewerWhere do you look to find out which computers are blocked and which are granted access via NAP?
NAP-compliant AND NAP-noncompliantHealth policies are in pairs. What are the members of the pair? Select two.
the computers are running Windows UpdateYou should restrict access only for clients that don’t have all available security updates installed if what situation exists?
The computer is isolated. What happens to a computer that isn’t running Windows Firewall?
network policies AND connection request policiesHealth policies are connected to what two other policies?
pass all SHV checksTo use the NAP-compliant policy, the client must do what?
locally connected computersWhich computers are not affected by VPN enforcement?
NTLMWhat is the default authentication protocol for non-domain computers?
NT LAN ManagerWhat does the acronym NTLM stand for?
sending a password to the serverNTLM uses a challenge-response mechanism for authentication without doing what?
a secure network authentication protocolWhat type of protocol is Kerberos?
secret keyKerberos security and authentication are based on what type of technology?
5 minutesWhat is the default maximum allowable time lapse between domain controllers and client systems for Kerberos to work correctly?