VPN

Question 1

What is a Virtual Private Network?

Answer 1

A logical “overlay” on top of an existing network that can provide security to the traffic going over the VPN.

Question 2

What is one protocol built-in to Windows Server 2016 to build a VPN tunnel?

Answer 2

Point-to-Point Tunneling Protocol (PPTP).

Worst option for VPN security.

Question 3

What are better options/protocols to use to build VPNs?

Answer 3

L2TP/IPSec (Layer 2 Tunneling Protocol), SSTP (Secure Socket Tunneling Protocol), and IKEv2 (Internet Key Exchange Version 2)

Question 4

What protocols are supported in Server 2016 to provide Authentication services?

Answer 4

PAP (Password Authentication Protocol): Sends passwords in plain text

CHAP (Challenge Handshake Authentication Protocol): Challenge and response method. Uses MD5 Hash

MS-CHAP-v2

EAP (Extensible Authentication Protocol)

Question 5

Which Role allows a server to provide VPN services?

Answer 5

Remote Access.

Question 6

What command is used to verify network connectivity, as well as verify the local interface used for the connection?

Answer 6

Test-NetConnection

Question 7

What is the management tool used to configure DirectAccess?

Answer 7

Remote Access Management

Question 8

What are two different implementation methods of VPNs?

Answer 8

Remote Access VPNs and Site-to-Site VPNs

Question 9

Within the Routing and Remote Access management tool, in the properties of the VPN server, what tab allows you to upgrade your VPN protocol (e.g., L2TP/IPsec)?

Answer 9

Security

Question 10

On a VPN client, in the properties of the VPN network adapter (Network Connections window), what tab is used to force a client to use a specific VPN protocol; PPTP, L2TP/IPSec, SSTP, IKEv2.

Answer 10

Security

Question 11

On a VPN client, what VPN type is configured by default?

Answer 11

Automatic. Requires the least amount of configuration but also the least amount of security (PPTP).

Question 12

What VPN protocol requires a pre-shared key?

Answer 12

IPSec (L2TP/IPSec)

Question 13

DirectAccess is an IPv6 solution that can leverage IPv4 infrastructure. True or False?

Answer 13

True.

Question 14

When installing DirectAccess on your server, you need to be logged in as the _____ administrator.

Answer 14

Domain

Question 15

What role is required to install for DirectAccess?

Answer 15

Remote Access

Question 16

What PowerShell command is used to view currently applied GPOs?

Answer 16

gpresult /r

Question 17

What command gets the IP-HTTPS configuration from a computer or GPO as well as displays the configuration type and ServerURL?

Answer 17

Get-NetIPHTTPSConfiguration

Question 18

What could be possible causes of DirectAccess not functioning correctly?

Answer 18

1. No IPv4 connectivity to the Access server.
2. IPv6 is not correctly configured in the infrastructure.
3. DNS is not working for both IPv4 and IPv6.
4. A Group Policy did not get applied. This can be checked with the gpresult /r.

Question 19

What does CMAK stand for?

Answer 19

Connection Manager Administration Kit

Question 20

In creating a Site-to-Site VPN, what tab is used regarding a user’s properties to allow Network Access Permission?

Answer 20

Dial-in

Question 21

With an empty local DNS cache to begin with, a successful ping from a client at site 1 to hostname at site 2 verifies which of the following are working?

Answer 21

DNS, VPN, and IP Connectivity.

Question 22

Both sides of a VPN tunnel need to have the same authentication protocols configured. True or False?

Answer 22

True.

Question 23

What are some causes as to why a site-to-site VPN will fail?

Answer 23

1. Remote access has not been allowed.
2. Static routes have not been configured.
3. User accounts have not been configured.
4. Authentication protocols are not the same on both sides.

Question 24

Machine certificates are commonly used to identify end users. True or False.

Answer 24

False.