Configure Network Services and Access

Question 1

How would you add a New Mail Server record on DNS?

Answer 1

PS: Add-DnsServerResourceRecordMx

CMD: Dnscmd

Question 2

When viewing an SRV Record…

1. What is the priority of the Servers?
2. What is the weight?
3. What port is it using?

Answer 2

priority= 0

weight= 100

port= 389

Weight: A load-balancing mechanism that is used when selecting a target host from those that have the same priority. Clients randomly choose SRV records that specify target hosts to be contacted, with probability proportional to the weight

Priority: The priority of the server. Clients attempt to contact the server with the lowest priority.

Question 3

1. What would make the server DC1.corp.net be used less?
2. What would make the server DC1.corp.net be used more?

Answer 3

1. Change the priority to a higher number. (I.E. 50)
2. Change the priority of DC2 & DC3 to a higher number (I.E. 50)

priority= 0

weight= 100

port= 389

Weight: A load-balancing mechanism that is used when selecting a target host from those that have the same priority. Clients randomly choose SRV records that specify target hosts to be contacted, with probability proportional to the weight

Priority: The priority of the server. Clients attempt to contact the server with the lowest priority.

Question 4

Looking at the Attached image

1. What does the SRV Priority do?
2. What does the SRV Weight do?
3. What does the SRV Port do?

Answer 4

priority= 0

weight= 100

port= 389

Weight: A load-balancing mechanism that is used when selecting a target host from those that have the same priority. Clients randomly choose SRV records that specify target hosts to be contacted, with probability proportional to the weight

Priority: The priority of the server. Clients attempt to contact the server with the lowest priority.

Port: The port where the server is listening for this service.

Question 5

You have servers that have the same name configured in DNS. You need to make sure that if one goes offline, another can respond to the users. Response time needs to be reduced. What should you do?

Answer 5

Decrease the Time to Live on the web servers’ records

Question 6

When would you use IKEv2/IPSec vs L2TP/IPsec?

Answer 6

When you want automatic resoration of a connection after a brief intrruption

Question 7

1. What is a DNS Primary Zone?
2. How many Primary Zones can you create?

Answer 7

1. A read/write copy of DNS.
2. Only 1

Question 8

What is a DNS Secondary Zone?

Answer 8

A Read Only copy of the DNS Zone

Question 9

What is a DNS Stub Zone?

Answer 9

Creates a copy of a Zone containing only:

• Name Server
• State of Authority
• A Records

Non-Authoritative Zone

Question 10

How do you create a primary DNS Zone?

Answer 10

1. Select Forward Lookup Zone
2. Right click New Zone…
3. Select Zone Type (Primary)
4. Create a Zone Name
5. It will then create a new zone file with the Zone file name
6. Select Security (AD Integrated, NonSecure/Secure, No Dynamic Updates)

Question 11

1. How do you create a Secondary Zone?
2. Can you store it in Active Directory?

Answer 11

1. Creating a Secondary Zone
   
   1. Right Click on, Forward Lookup Zone
   2. Select New Zone…
   3. Select a Zone Type - Secondary Zone
   4. Create a Zone Name
   5. Select a Master Server
   6. You then need to the Master Server and Select the Zone Properties, Zone Transfers Tab and Add to the list for Allow Zone Transfers
2. Can you store it in AD?
   
   1. No

Question 12

1. How do you create a Stub Zone?
2. Can you store it in AD?

Answer 12

1. Stub Zone Creation
   
   1. Select how you want zone data replicated
      
      1. All DNS Servers running on a Domain Controller - Forest Replication
      2. All DNS Servers running on a Domain Controller - Replication
      3. All DCs in the Domain
      4. Specified Domain Controllers
   2. Select a Zone Name
   3. Select a Master DNS Server
2. Yes

Question 13

How do you create a Conditional Forwarder?

Answer 13

1. Select a DNS Domain
2. Enter the IP or Server FQDN
3. Select to store it in AD

Question 14

What does DNS Zone Delegation do?

Answer 14

Allows child domains to controll there own DNS. Because Lab.net is responsible for all domains ending in Lab.net

Question 15

How would you delegate a DNS zone?

Answer 15

On the DNS Server

1. Select the DNS zone you would delegate
2. Right click, Select New Delegation…
3. Specifiy the child domain you want delegated
4. Enter the FQDN and the IP Address for the server

Then on the Child Domain DNS Server

1. Create a New Zone using the child namespace

Question 16

How do you configure zone transfer settings?

Answer 16

1. Right Click on the Zone and select Properties
2. Select the Zone Transfers Tab
3. Select Allow Zone Transfers
   
   1. Select One of the Following:
      
      1. Any Server
      2. Servers listed on the Name Server Tab
      3. Only to the following Servers

Question 17

1. How do you configure DNS Notify Settings?
2. What does DNS Notify Do?

Answer 17

1. Notify Settings
   
   1. One the Zone Properties, on the Zone Transfers Tab, Select Notify…
   2. Select Either
      
      1. Servers listed on the Name Server Tab
      2. Only the Servers listed here
2. Notifies other DNS Servers of changes made in between Replication

Question 18

DNS Records

1. What does a SOA Record stand for?
2. What is different about the SOA record?

Answer 18

1. SOA - Start of Authority
2. It is a tab on the Zone properties and is the first record created in the Zone

Question 19

What informaiton is on the SOA Record?

Answer 19

• Serial Number
• Primary Server
• Responsible Person
• Refresh Interval
• Retry Interval
• Expires After
• Minimum TTL
• TTL for this record

Question 20

On the SOA Record

1. What does the Serial Number do?
2. What does the Primary Server do?
3. What does the Responsible person used for?

Answer 20

1. Used for keeping track of replication between servers
2. What server is primary
3. Used for contacting owner of DNS Zone

Question 21

On the SOA record

1. What does the Refresh Interval do?
2. What does the Retry Interval do?
3. What does the Expires After do?
4. What does the Minimum TTL do?
5. What does the TTL for this record do?

Answer 21

1. How long between the DNS servers replicate any changes
2. Used for how long it will wait to retry if the refresh failed
3. Used for if after this period of time the server has been upable to refresh it marks its data as stale and stops responding to queries
4. Time to Live - how long someone can cache a query
5. How long a client can cache the DNS SOA record

Question 22

1. What is a Name Server Record in DNS?
2. How is it different from other types of records?

Answer 22

1. It lists all of the Name Servers that are hosting that zone
2. It is a tab on the Zone properties

Question 23

What do Service Records do?

Answer 23

They point back to a A or AAAA record with a Server Name

Question 24

What creates SRV records?

Answer 24

The Net Logon Service

Question 25

What CMDs should you run?

How do you recreate SRV types if you accidently delete them?

Answer 25

Run the following CMD

• net stop netlogon
• net start netlogon

Question 26

1. How do you Configure DNS Scavenging?
2. When do records get deleted?

Answer 26

1. How do you Configure DNS Scavenging?

• You select the Server
• Right Click, Select Set Aging/Svanenging for All Zones…
• Select Scavenge Stale resource records
  
  • Select a No-refresh Interval
  • Select a Refresh Interval

2. Records get deleted once it has gone past the (No-Refresh + Refresh Interval)

Question 27

Why would you turn TTL down?

Answer 27

You would use for round robin, so that a web server (if more than 1 are used) is not hit constantly. The computer would look up the web server in DNS and round robin switches which server you hit

Question 28

How do you set the deafult TTL for newly created records?

Answer 28

Edit the SOA TTL and that will affect only newly created records

Question 29

When is DNS Secure Only Dynamic Updates Avalible?

Answer 29

Only when the DNS Zone is Active Directory Integrated

Question 30

What does the following PowerShell CmdLet Do?

Add-DnsServerResourceRecord

Answer 30

Adds a resource record of a specified type to a specified DNS zone.

Question 31

What does the following PowerShell CmdLet Do?

Add-DnsServerResourceRecordA

Answer 31

Adds a type A resource record to a DNS zone.

Question 32

What does the following PowerShell CmdLet Do?

Add-DnsServerResourceRecordAAAA

Answer 32

Adds a type AAAA resource record to a DNS server.

Question 33

What does the following PowerShell CmdLet Do?

Add-DnsServerResourceRecordCName

Answer 33

Adds a type CNAME resource record to a DNS zone.

Question 34

What does the following PowerShell CmdLet Do?

Add-DnsServerResourceRecordDS

Answer 34

Adds a type DS resource record to a DNS zone.

Question 35

What does the following PowerShell CmdLet Do?

Add-DnsServerResourceRecordDnsKey

Answer 35

Adds a type DNSKEY resource record to a DNS zone.

Question 36

What does the following PowerShell CmdLet Do?

Add-DnsServerResourceRecordMX

Answer 36

Adds an MX resource record to a DNS server.

Question 37

What does the following PowerShell CmdLet Do?

Add-DnsServerResourceRecordPtr

Answer 37

Adds a type PTR resource record to a DNS server.

Question 38

What does the following command do?

dnscmd /recordadd

Answer 38

adds a resource record to a zone.

Question 39

What does the following command do?

dnscmd /recorddelete

Answer 39

removes a resource record from a zone.

Question 40

What does the following command do?

dnscmd /createdirectorypartition

Answer 40

creates a DNS application directory partition.

Question 41

What does the following command do?

dnscmd /deletedirectorypartition

Answer 41

deletes a DNS application directory partition.

Question 42

What does the following CMD do?

dnscmd /config /RoundRobin 1

Answer 42

set dns server to use roundrobin order for returning A records

Question 43

What Role Services can you install with Remote Access?

Answer 43

1. DirectAccess and VPN (RAS)
2. Routing
3. Web Application Proxy

Question 44

How do you configure NAT?

Answer 44

1. Open up Routing and Remote Access Console
2. Select and Right Click the Server
3. Select Configure and Enable Routing and Remote Access
4. Select NAT (Network Address Translation)
5. Select which interface connects to the internet

Question 45

How do you configure VPN?

Answer 45

1. Open up Routing and Remote Access Console
2. Select and Right Click the Server
3. Select Configure and Enable Routing and Remote Access
4. Select Remote Access (dail-up or VPN)
   
   1. Check the box for either Dial-up, VPN, or Both
5. Select which interface connects to the internet
   
   1. Ensure that (Enable Security on the selected interface ) is checked
6. Select if the IP Address is assigned via DHCP or from a specified Range
7. Select if the Server is a RADIUS server or will authenticate on its own

Question 46

What settings do you need to configure on a user account to allow VPN access?

Answer 46

• On the User Account
  
  • Select the Dial-in tab
  • Specify the Network Access Permission
    
    • Allow Access
    • Deny Access
    • Control through NPS

Question 47

What is Web Application Proxy?

Answer 47

It is a proxy used for Web applications for outside connections to a Server without exposing the Application Server

Question 48

What are the server requirements for Implementing DirectAccess?

Answer 48

• Network Location Server
• DNS
• Direct Access Server

Question 49

What are the client requirements for DirectAccess?

Answer 49

Must be running:

Windows 7 - Ultimate/Enterprise

Windows 8 Pro/Enterprise

Windows 8.1 Pro/Enterprise

Question 51

What systems can use DirectAccess to do an Offline domain Join?

Answer 51

Windows 8 and 8.1