Implement Network Connectivity and Remote Access Solutions Flashcards
Which tunneling protocol introduced in Server 2016 can encapsulate a wide variety of network layer protocols inside a point-to-point links over an IP internetwor?
Generic Routing Encapsulation (GRE)
Which 3 role services are included in the Server 2016 Remote Access server role?
Direct Access and VPN, Routing and Web Application Proxy.
Which cmdlet would yo use to configure a NAT network named MyNATNetwork that is connected to the internal sub net of 192.168.100.0/24
New-NetNat -Name MyNATNetwork -InternalIPInterfaceAddress 192.168.100.0/24
What cmdlet would remove the Domain Computers security group in the nutex.com domain from being DirectAccess clients?
Remove-DAClient -SecurotyGroupNameList @(‘nutex.com\DirectAccessClients’)
How should you configure a NPS server in order to route RADIUS messages between RADIUS clients and RADIUS servers that perform user authentication, authorization and accounting?
As a RADIUS proxy.
What feature is not enabled by default when you create a new VPN in Windows, forcing all network traffic to be routed through the VPN when connected?
Split tunnelling
Which cmdlet would you use to create an internal switch named “NAT_MySwitch”
New-VMSwitch -Name “NAT_MySwitch” -SwitchType Internal
Which routing protocol in Server 2016 reduces the need for manual route configuration on routers because it is a dynamic routing protocol, and automatically learns routes between sites that are connected by using site-to site VPN connections?
Border Gateway Protocol (BGP)
What cmdlet adds a new external RADIUS server?
Add-RemoteAccessRadius
Which editions of Windows 10 support Direct Access?
Enterprise, Education and Enterprise 2015 (LTSB)
You have a customer with a branch office that has about twenty staff, each with a
personal computer running Windows 10. The branch office has a single Windows
Server 2016 computer that provides basic network services. How would you configure
Internet network connectivity for this branch office using the server? What are the
requirements of your solution?
You can install NAT by adding the Routing role service on the server. This requires two
network adapters in the server, one connected to the private network and one to the
Internet. You could configure the NAT service so that it provided DHCP and DNS name
resolution for internal clients.
How will you configure clients at this customer site with the correct IP address settings
so that they can connect to the Internet?
After installing NAT, if you opt to use the DHCP allocator in NAT, there is nothing
further to do, because the clients are configured to use the NAT server as their default
gateway. However, if you opted to manually configure networked clients, you must
manually assign the private IPv4 address of the NAT server as the default gateway for
all clients on the private network.
Your customer wants to make a web server available to users on the Internet. How
could you make this configuration change?
You can modify the configuration of the NAT server so that it published the HTTP
port. To complete this task, you must know the private IPv4 address of the server on
the internal network. You can then use the Services and Ports page of the Internet
interface of the NAT server to define the location of the internal web server.
You have been tasked with planning a DirectAccess deployment for A Datum. Only
users in the Sales department will be using DirectAccess. Using the Getting Started
Wizard, how could you configure this?
You can create a global security group called Sales_Computers. Next, you can add
the computers for all sales users to that group. Next, in the Getting Started wizard, you
can modify the Remote Clients settings to use only the newly-created group.
After applying your strategy to the above requirement, you find that not all sales
computers are able to access internal resources when connected externally. What
should you do?
Use standard network troubleshooting techniques to determine whether those com-
puters are obtaining an appropriate IPv6 address. Next, verify correct application of
the DirectAccess Client Settings GPO by using the gpresult command. Finally, run the
Netsh name show effectivepolicy command to verify whether DirectAccess settings are
being applied.
