
70-411 Test Bank, Lesson 10 Configuring VPN and Routing

17 Multiple Choice
6 Short Answer
3 Best Answer
3 Build List
4 Repeated Answer
33 questions

Multiple Choice
1. Why are phone lines and ISDN not used today for remote access services (RAS)?
a. They're too expensive.
b. They're not secure enough.
c. They create dedicated access.
d. They no longer supply acceptable bandwidth.
Answer: d
Difficulty: Medium
Section Ref: The Remote Access Role
Explanation: By today's networking standards and bandwidth requirements, the
phone and ISDN system do not have the bandwidth needed. Therefore, this method
typically is not used today.
2. What special hardware configuration should a RAS server have?
a. two network interface cards
b. a dedicated phone line
c. a dedicated Internet connection
d. secure access to the Internet
Answer: a
Difficulty: Medium
Section Ref: Installing Routing and Remote Access
Explanation: Because the remote access computer connects an organization's
internal private network with the Internet, the server should have two network
cards.
3. Why would you set Verify Caller ID on a remote dial-up connection for a user?
a. for enhanced security
b. because you don't trust the user
c. because you want users to call in only from specific numbers
d. because it's the default setting
Answer: a
Difficulty: Medium
Section Ref: Configuring Remote Dial-In Settings for Users
Explanation: If the Verify Caller ID check box is selected, the server verifies the
caller's phone number. If the phone number does not match the configured phone
number, the connection attempt is denied, assuming that the caller, the phone
system between the caller and the server, and the remote access server all support
caller ID.
4. What is the most efficient way to deploy VPN (virtual private network)
configurations to hundreds of users?
a. Create and distribute a document that explains all the settings.
b. Create and distribute an executable file that contains all the settings.
c. Configure all the client systems manually.
d. Have the users bring in their systems individually for configuration.
Answer: b
Difficulty: Medium
Section Ref: Configuring Split Tunneling
Explanation: Configuring multiple clients to connect to a remote server can require
a lot of work, and you can easily make an error. To simplify administration by
packaging the VPN client settings into an easy-to-install executable, you can use the
RAS Connection Manager Administration Kit (CMAK), which can also be installed as a
feature in Windows Server 2012. After an executable file is created that includes all
the VPN settings, the executable file is deployed on the client computers.
5. When would you want to use a split tunnel for users?
a. if your users work only from the office
b. if your users might compromise security by browsing to insecure sites
c. if your users have laptop computers and work from home or office
d. if your users often need remote assistance
Answer: c
Difficulty: Medium
Section Ref: Configuring Split Tunneling
Explanation: If you want to route your Internet browsing through your home Internet
connection rather than go through the corporate network, you can disable the Use
Default Gateway on Remote Network option. By disabling this option, you are using
a split tunnel.

6. What term is defined as private data placed in a packet with a header containing
routing information that allows the data to traverse a transit network, such as the
Internet?
a. routing
b. VPN
c. encapsulation
d. tunneling
Answer: c
Difficulty: Medium
Section Ref: Configuring VPN Settings
Explanation: Encapsulation is defined as private data encapsulated or placed in a
packet with a header containing routing information that allows the data to traverse
a transit network, such as the Internet.
7. What is the result of enabling security on the RRAS interface in your RAS server?
a. You can't connect to the Internet on that interface.
b. You can't ping that interface.
c. You can't provide network address translation (NAT) services to a local-area
network.
d. You can't use DHCP.
Answer: b
Difficulty: Hard
Section Ref: Configuring RRAS for Dial-Up Remote Access
Explanation: If you intend instead to use a firewall to protect your RRAS server, do
not enable the "Enable security on the selected interface by setting up static packet
filters" option. Also, if you enable this option, by default you can't ping the IP address
of the public network adapter because Internet Control Message Protocol (ICMP)
packets are blocked by the packet filters.
8. Why use a VPN for client-to-server connections over the Internet?
a. VPN traffic is protected by a firewall.
b. VPN traffic is encrypted.
c. VPN traffic goes undetected on the Internet.
d. VPN traffic is proxy-proof.
Answer: b
Difficulty: Medium
Section Ref: Configuring VPN Settings
Explanation: VPNs link two computers or network devices through a wide-area
network (WAN) such as the Internet. Because the Internet is public and considered
insecure, the data sent between the two computers or devices is encapsulated and
encrypted.

9. How is data verified when transferred through the Internet?
a. by cryptographic checksum
b. by RAS callback options
c. by correct firewall settings
d. by using PPTP for VPN connections
Answer: a
Difficulty: Hard
Section Ref: Configuring VPN Settings
Explanation: Data integrity verifies that the data sent over the VPN connection has
not been modified in transit. This is usually done with a cryptographic checksum
based on an encryption key known only to the sender and receiver.
10. Of the four VPN tunneling protocols, which has the weakest encryption?
a. L2TP
b. IKEv2
c. SSTP
d. PPTP
Answer: d
Difficulty: Hard
Section Ref: Configuring VPN Settings
Explanation: PPTP is easy to set up but has weak encryption technology. PPTP-based
VPN connections do not provide data integrity (proof that the data was not modified
in transit) or data origin authentication (proof that the data was sent by the
authorized user).
11. Which authentication method is weakest (least secure)?
a. PAP
b. CHAP
c. MS-CHAPv2
d. EAP-MS-CHAPv2
Answer: a
Difficulty: Medium
Section Ref: Configuring VPN Settings
Explanation: Password Authentication Protocol (PAP) uses plain-text (unencrypted)
passwords. PAP is the least secure authentication method and is not recommended.
12. Which authentication protocol allows you to change an expired password during
the connection process?
a. PAP
b. CHAP
c. MS-CHAPv2
d. EAP-MS-CHAPv2
Answer: c
Difficulty: Hard
Section Ref: Configuring VPN Settings
Explanation: MS-CHAP v2 is the only authentication protocol that Windows Server
2012 provides that allows you to change an expired password during the connection
process.
13. Which VPN protocol provides constant connectivity?
a. L2TP
b. IKEv2
c. SSTP
d. PPTP
Answer: b
Difficulty: Hard
Section Ref: VPN Reconnect
Explanation: To provide constant connectivity, you use Internet Key Exchange
version 2 (IKEv2), which automatically establishes a VPN connection when Internet
connectivity is available.
14. When is it appropriate to use Windows Server 2012 as a router between two
networks?
a. for heavy traffic on large networks
b. for heavy traffic on small networks
c. for light traffic on large networks
d. for light traffic on small networks
Answer: d
Difficulty: Medium
Section Ref: Configuring Routing
Explanation: Windows Server 2012 is a software-based router that you can use for
lightly trafficked subnets on a small network. For more complex networks with heavy
network traffic, you should use a hardware-based router, which would give you
more reliability and improved network performance.
15. How are routing tables created dynamically?
a. through the use of RIP
b. with static routes
c. by using the routing table protocol (RTP)
d. by using a layer 2 switch
Answer: a
Difficulty: Medium
Section Ref: Configuring Routing
Explanation: The routing tables are manually created with static routes, or are
dynamically created with routing protocols such as Routing Information Protocol
(RIP).
16. Which Windows Server 2012 R2 server role is used to install the Web Application
proxy for AD FS?
a. AD FS
b. Remote Access
c. Remote Desktop
d. Web Services
Answer: b
Difficulty: Easy
Section Ref: Configuring Web Application Proxy in Passthrough Mode
Explanation: The Web Application proxy is a Remote Access role service introduced
in Windows Server 2012 R2 that provides reverse proxy functionality for web
applications inside an organization network so users can access applications
externally no matter what device they are using.
17. In Windows Server 2012 R2, what is used as a reverse proxy?
a. Web Application proxy
b. Reverse Lookup
c. AD FS proxy
d. Reverse Web
Answer: a
Difficulty: Medium
Section Ref: Configuring Web Application Proxy in Passthrough Mode
Explanation: A Web reverse proxy is a proxy server that retrieves resources from
servers on behalf of a client by publishing internal applications to external users or
publishing applications (although mostly external) to internal users. In Windows
Server 2012 R2, a reverse proxy is provided by a Remote Access Role service: the
Web Application proxy.

Short Answer
18. By default, where are the RAS trace logs located?
Answer: C:\Windows\Tracing
Difficulty: Medium
Section Ref: Troubleshooting Remote Access Problems
Explanation: Routing and Remote Access does have built-in logging, if it is enabled.
To enable logging, open the Routing and Remote Access console, right-click the
server, select Properties, and select the Logging tab. By default, the logs are located
in the C:\Windows\Tracing folder.
19. What are the two ways to enable trace logging for RAS?
Answer: By executing netsh ras set tracing * enabled or by editing the registry
as follows: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableFileTracing=1
Difficulty: Hard
Section Ref: Troubleshooting Remote Access Problems
Explanation: You can enable logging by executing the following command: netsh
ras set tracing * enabled or by setting the following registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableFileTracing=1
20. Briefly explain how network address translation (NAT) works.
Answer: NAT allows a private, internal network to have internal and Internet
connectivity while being protected by a router or firewall. The entire network is
visible from the outside (Internet) only as a single IP address.
Difficulty: Medium
Section Ref: Implementing NAT
Explanation: NAT is used with masquerading to hide an entire address space behind
a single IP address. In other words, it allows multiple computers on a network to
connect to the Internet through a single IP address. NAT enables a local-area
network (LAN) to use one set of IP addresses for internal traffic and a second set of
addresses for external traffic.
21. What is the primary purpose or job of a router?
Answer: To connect dissimilar networks
Difficulty: Medium
Section Ref: Configuring Routing
Explanation: Routers join subnets together to form larger networks and join
networks together over extended distances or WANs. They can also connect
dissimilar LANs, such as Ethernet LAN to a Fiber Distributed Data Interface (FDDI)
backbone.
22. What three devices or systems can perform routing?
Answer: A router, a layer 3 switch, or a properly configured server
Difficulty: Medium
Section Ref: Configuring Routing
Explanation: Routers join subnets together to form larger networks and join
networks together over extended distances or WANs. Layer 3 switches can perform
layer 2 switching, but also perform routing based on IP addresses within an
organization. A server running Windows can have multiple network cards, each
connected to a different subnet. To allow packets to be sent from one subnet to
another subnet through the server, you need to configure routing on the server.
23. Before your DHCP server can provide IP addresses to clients, what do you have
to define?
Answer: You have to define an IP address scope or range of IP addresses for the
DHCP server to use.
Difficulty: Hard
Section Ref: Configuring the DHCP Relay Agent
Explanation: Before your DHCP server can provide IP address leases, you have to
define a scope that includes a range of IP addresses that can be distributed. A scope
defines a single physical subnet on your network to which DHCP services are
offered.

Best Answer
24. Setting up a NAT gateway is an excellent way to provide Internet access to a
LAN. What is the best reason for setting up Internet access via NAT?
a. to allow multiple computers access to the Internet
b. to provide a type of firewall for a group of computers
c. to provide proxy services to a LAN
d. to use private IP addresses on the LAN
Answer: b
Difficulty: Medium
Section Ref: Implementing NAT
Explanation: NAT enables a LAN to use one set of IP addresses for internal traffic
and a second set of addresses for external traffic. The NAT computer or device is
usually a router (including routers made for home and small-office Internet
connections) or a proxy server. As a result, you can provide a type of firewall by
hiding internal IP addresses.
25. What is the first thing to check when troubleshooting VPN problems?
a. network connectivity
b. usernames and passwords
c. DNS lookups
d. firewall settings
Answer: a
Difficulty: Easy
Section Ref: Troubleshooting Remote Access Problems
Explanation: With network connectivity problems, you need to make sure that you
are connected to the network and that name resolution works properly. If your VPN
connection is to operate over the Internet, make sure that you have Internet access.
26. For Dial-up RAS connectivity, what is the most secure setting to use?
a. deny access
b. a static IP address
c. verify caller ID
d. always call back to a particular number
Answer: d
Difficulty: Medium
Section Ref: Configuring Remote Dial-In Settings for Users
Explanation: When the Always Callback To option is selected, you must specify a
number that the server always uses during the callback process. This option helps
to make sure that only users from a certain number can call in. If the username and
password have been compromised for a user, the user can still call in only from a
specified number.

Build List
27. Order the following steps required to configure dial-up remote access.
a. Right-click the server and select Configure and Enable Routing and Remote
Access.
b. Select the interface to which you want to assign remote clients.
c. On the IP Address Assignment page, select either Automatically (to use a DHCP
server to assign addresses) or From a specified range of addresses.
d. Fill in Start IP address and End IP address.
e. On the Remote Access page, select Dial-Up.
f. On the Configuration page, select Remote access (dial-up or VPN).
g. On the Address Range Assignment page, click New.
h. Choose Server Manager > Tools > Routing and Remote Access.
Answer: H A F E B C G D
Difficulty: Hard
Section Ref: Configuring RRAS for Dial-Up Remote Access
Explanation: Refer to the steps shown in Configure Dial-Up Remote Access.
28. Order the following steps required to configure and enable VPN remote access.
a. Choose Server Manager > Tools > Routing and Remote Access.
b. On the VPN Connection page, select the external network card that is connected
to the Internet.
c. Right-click the server and select Configure and Enable Routing and Remote
Access.
d. On the IP Address Assignment page, click From a specified range of addresses.
e. On the Remote Access page, select VPN.
f. Fill in the Start IP address and End IP address.
Answer: A C E B D F
Difficulty: Medium
Section Ref: Configuring the VPN Connection on the Server
Explanation: Refer to the steps to Configure and Enable VPN Remote Access.
29. Order the following steps required to set up a VPN connection from a client.
a. Connect to a workplace.
b. Set up a new connection.
c. Select Internet connection or Dial directly.
d. Choose Control Panel > Network and Internet.
e. Enter the name or IP address of the VPN server.
Answer: D B A C E
Difficulty: Easy
Section Ref: Creating a VPN Connection on a Client
Explanation: Refer to the steps outlined in Create a VPN Tunnel.

Repeated Answer
30. RRAS has multiple options from which you can select one or more services to
provide to your users. Select the correct description for the Virtual private network
(VPN) access and NAT option.
a. sets up the server to provide NAT services to clients on the private network that
need to access the Internet
b. sets up a demand-dial or persistent connection between two private networks
c. sets up the server to support incoming VPN connections and to provide NAT
services
d. sets up the server to accept incoming remote access connections (dial-up or VPN)
Answer: c
Difficulty: Medium
Section Ref: Configuring Routing and Remote Access
Explanation: The Virtual private network (VPN) access and NAT option sets up the
server to support incoming VPN connections and to provide NAT services.
31. RRAS has multiple options from which you can select one or more services to
provide to your users. Select the correct description for the Remote access (dial-up
or VPN) option.
a. sets up the server to provide NAT services to clients on the private network that
need to access the Internet
b. sets up a demand-dial or persistent connection between two private networks
c. sets up the server to support incoming VPN connections and to provide NAT
services
d. sets up the server to accept incoming remote access connections (dial-up or VPN)
Answer: d
Difficulty: Medium
Section Ref: Configuring Routing and Remote Access
Explanation: The Remote access (dial-up or VPN) option sets up the server to accept
incoming remote access connections (dial-up or VPN).
32. RRAS has multiple options from which you can select one or more services to
provide your users. Select the correct description for the Secure connection
between two private networks option.
a. sets up the server to provide NAT services to clients on the private network that
need to access the Internet
b. sets up a demand-dial or persistent connection between two private networks
c. sets up the server to support incoming VPN connections and to provide NAT
services
d. sets up the server to accept incoming remote access connections (dial-up or VPN)
Answer: b
Difficulty: Medium
Section Ref: Configuring Routing and Remote Access
Explanation: The Secure connection between two private networks option sets up a
demand-dial or persistent connection between two private networks.
33. RRAS has multiple options from which you can select one or more services to
provide your users. Select the correct description for the Network Address
Translation (NAT) option.
a. sets up the server to provide NAT services to clients on the private network that
need to access the Internet
b. sets up a demand-dial or persistent connection between two private networks
c. sets up the server to support incoming VPN connections and to provide NAT
services
d. sets up the server to accept incoming remote access connections (dial-up or VPN)
Answer: a
Difficulty: Medium
Section Ref: Configuring Routing and Remote Access
Explanation: The Network Address Translation (NAT) option sets up the server to
provide NAT services to clients on the private network that need to access the
Internet.
