5.7 Flashcards

1
Q

You are the network administrator for westsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8.
The main office contains a server named RRASl, that has been configured to provide DirectAccess
connectivity for clients. A group named DirectAccess Clients has been enabled for DirectAccess. Users
complain that they are unable to connect to the internal network using DirectAccess. You need to ensure that
the users can connect to RRASl using DirectAccess.
What should you do?

In Active Directory Users and Computers, add an e-mail address to each user account.

In Active Directory Users and Computers, add the computer accounts of the users’ computers to the DirectAccess Clients group.

In Active Directory Users and Computers, add the user accounts of the users to the DirectAccess
Clients group.

On each client computer, ensure that the netlogon service is started.

A

In Active Directory Users and Computers, add the computer accounts of the users’ computers to the DirectAccess Clients group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You are the network administrator for westsim.com. The network consists of a single domain named
westsim.com. All the servers run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8.
The main office contains a server named RRASl that has been configured to provide DirectAccess
connectivity for clients. Clients complain that when they connect via DirectAccess, they are not able to
resolve intranet names.
What should you do?

Provide a static entry for RRASl.westsim.com in the clients Hosts file.

Create a new AAAA record for RRASl.westsim.com in the westsim.com domain.

Check for .westsim.com in the Name Resolution Policy Table.

Define a connection-specific suffix for westsim.com in the client DNS settings.

A

Check for .westsim.com in the Name Resolution Policy Table.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You are the network administrator for westsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 8 Enterprise edition.
The main office contains a server named RRASl. You are in the process of configuring RRASl to support
DirectAccess connections. You need to configure RRASl to allow IPv6 connectivity for the clients to RRASl for
the purpose of DirectAccess.
What should you do?

Configure Windows Firewall with Advanced Security to allow ICMPv6 Echo Requests.

Configure two static Link Local addresses on RRASl.

Configure two static consecutive Global Unicast addresses on RRASl.

Configure an IPv6 static multicast address on RRASl.

A

Configure Windows Firewall with Advanced Security to allow ICMPv6 Echo Requests.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You are the network administrator for westsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 8 Enterprise. There is a single main office located in
New York. A perimeter network separates the main office from the Internet.
Corporate policy requires that all servers be isolated from the Internet. No external clients may directly
access internal resources unless the connection is secure. External connections to servers located in the
perimeter network are permitted.
You plan to implement DirectAccess to support encrypted connections from remote clients to the internal
network. A server named RRASl will provide DirectAccess connections for the clients. The DirectAccess
clients will use IP-HTTPS connections. Certificates for the DirectAccess clients and servers will be issued by an
Enterprise root CA named CA1. You need to configure CA1 to support DirectAccess clients.
What should you do?

Install the Online Responder role service on CA1.

Publish the CA1 Certificate Revocation List (CRL) on a server in the perimeter network.

Add an entry for RRASl to the Hosts file on CA1.

Publish the Enrollment Agent certificate on CA1.

A

Publish the CA1 Certificate Revocation List (CRL) on a server in the perimeter network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You have a laptop that runs Windows 8 Enterprise.
You want to use the laptop to connect to your corporate intranet while you are at home or traveling. Your
solution should meet the following requirements:

The computer should connect automatically to the intranet without user initiation.
All communications between your laptop and the intranet should be encrypted.
The connection should allow for remote management of the computer from the corporate intranet.
Internet traffic should be directed to Internet servers without going through servers at the corporate
network.
The solution should work through firewalls where only HTTP and HTTPS are permitted.
Which feature should you implement?

BitLocker To Go

BranchCache

DirectAccess

IKE v2 VPN

A

DirectAccess

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You have purchased a new laptop that runs Windows 8 Professional.

You want to use DirectAccess to connect the computer to your corporate intranet. You will use Group Policy to
enforce DirectAccess settings on the client.

What should you do to configure the laptop for the DirectAccess connection? (Select two.)

Upgrade the computer to Windows 8 Enterprise.

Join the computer to a domain.

Use Windows Firewall with Advanced Security to enable the DirectAccess firewall rules.

Create a VPN connection that uses the IKE v2 protocol.

Run the netsh command and set the service mode to Distributed.

A

Upgrade the computer to Windows 8 Enterprise.

Join the computer to a domain.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You have purchased a new laptop that runs Windows 8 Enteprise.
You want to use DirectAccess to connect the computer to your corporate intranet from home. Your home
network is connected to the Internet with a single public IP address and NAT. Firewalls between your network
and the intranet allow only HTTP and HTTPS traffic.
What should you do to configure the laptop for the DirectAccess connection?

Obtain a computer certificate for the laptop.

Create a VPN connection that uses SSTP for the tunneling protocol.

Disable IPv6 on your computer.

Run Windows Firewall with Advanced Security and enable the DirectAccess firewall rules.

A

Obtain a computer certificate for the laptop.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You would like to implement DirectAccess on your corporate network.
Which of the following is not an infrastructure requirement for using DirectAccess?

IPv6

Active Directory Certificate Services

Network access for files server role

Active Directory Domain Services

A

Network access for files server role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You have a laptop computer that runs Windows 8 Enterprise. The computer is a member of a domain.
You want to use DirectAccess to access application servers on your corporate intranet. Application servers run
Windows Server 2003 and Windows Server 2008. You want to configure a single access method for all servers
and clients.
Which connection method should you use?

Selected server access (modified end-to-edge)

Full enterprise network access (end-to-edge)

End-to-end access

A

Full enterprise network access (end-to-edge)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have a laptop computer that runs Windows 8 Enterprise. The computer is a member of a domain.
You want to use DirectAccess to access application servers on your corporate intranet. Application servers run
Windows Server 2008 R2.
You need to implement a solution that does the following:

All communications sent to the private network over the Internet are encrypted.
Client computers authenticate with application servers on the intranet.
Following authentication, traffic on the intranet is not encrypted.

What should you do? (Select two. Each choice is a required part of the solution.)

Configure end-to-end access.

Upgrade application servers to Windows Server 2008 R2.

Configure full enterprise network access (end-to-edge).

Upgrade your laptop to Windows 7 Enterprise.

Configure selected server access (modified end-to-edge).

A

Upgrade application servers to Windows Server 2008 R2.

Configure selected server access (modified end-to-edge)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You manage Windows 7 and Windows 8 notebooks that have been joined to the mydomain.com Active
Directory domain.
Because these notebook systems are frequently taken on sales visits to client sites, you have decided to
implement DirectAccess on your network. You run the setup for DirectAccess on the DA1 server with the
following choices:

End-to-end authentication with a smart card required for authentication
Root certificate from ca1.mydomain.com
Security group name of DirectAccessGroup
The Network Location service runs on the DirectAccess server

You need to configure the client computers for the DirectAccess connection.
What should you do?

Run the Windows Firewall with Advanced Security on each client computer to open the DirectAccess
firewall ports.

Configure a static IPv6 address for each client computer.
Add the computer account for each client computer to the DirectAccessGroup security group.

Copy the private key for ca1.mydomain.com to each client computer.

A

Add the computer account for each client computer to the DirectAccessGroup security group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly