Best Practices for Using the IPAM Event Catalog:
_______________________________________should be enabled on DCs and NPS servers. Without this preconfiguration, the IPAM server cannot display account logon events in the IPAM Event Catalog.
The security event log size should be large enough to allow the periodic audit task to complete data collection before it is rolled over.
For better performance and disk space management, _________________________________________________________________ should be performed periodically to reduce the amount of data used for IPAM events.
The audit log file location for both DHCP IPv4 and IPv6 leases must be configured in a common order. The IPAM audit task selects the log files from one network share per server.
The DHCP audit log file should be large enough for one day, to ensure that no lease events are lost because of size overruns.
Be sure to select an optimal time period for a query. Typically, a query interval of ______ days to ______ days is optimal.
The following list outlines the most important technologies, services, and components of a Windows Server 2016 DirectAccess solution:
DirectAccess server
DirectAccess client
Active Directory
DNS server
___________________
___________________
Certification service
Certificates
___________________
6to4/ISATAP/Teredo
___________________
___________________
With PEAP-MS-CHAPv2, PEAP-TLS, or EAP-TLS as the authentication method, a Windows Server 2016 NPS server must use a server certificate that meets the minimum server certificate requirements. A client accepts the authentication attempt of the server when the server certificate meets the following requirements:
The _______________________________ contains a value. If you issue a certificate to your server running NPS that has a blank _____________________, the certificate is not available to authenticate your NPS server.
The computer certificate on the server chains to a trusted root Certificate Authority (CA) and does not fail any of the checks that are performed by CryptoAPI and that are specified in the remote access policy or network policy.
The computer certificate for the NPS server or VPN server is configured with the __________________________ in Extended Key Usage (EKU) extensions. (The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1.)
The server certificate is configured with a required algorithm value of RSA.
The _________________________ extension, if used, must contain the _________________ of the server.
To configure a static IP address for a server in an IPv4 configuration, you need to determine the following settings:
________________________
________________________
________________________
________________________
On IPv4 networks, you can assign addresses to an interface in three ways:
_________________, by using static addresses
_________________, by using DHCP server
_________________, by using APIPA
IPv6 address assignment is slightly different. For example, IPv6 addresses can be assigned to an interface in four ways:
_________________, by configuring one or more IPv6 addresses on the interface
_________________, by using address autoconfiguration through DHCPv6 server
_________________, by using autoconfiguration based on the receipt of router advertisement messages
_________________ and Stateless (Both), by address autoconfiguration
Each IPv6 address is 128 bits long. The prefix is the part of the address that contains the bits with fixed values or the subnet prefix’s bits. The prefix is equivalent to the network ID for IPv4 addresses. IPv6 subnets, prefixes, routes, and address ranges are represented in the same way as CIDR notations. An IPv6 __________ is represented in address/__________ length notation. For example, 2001:DB8::/48 (a route prefix) and 2001:DB8:0:2D4C::/64 (a subnet prefix) are IPv6 address prefixes. IPv6 uses __________ instead of a subnet mask.
Tip
You can view the prefix policies by using the ___________________ PowerShell cmdlet (see Figure 12-14).
Tip
By default, DNS servers on Windows Server 2008 or later have a global query block list that prevents ISATAP resolution even when the host record is created and properly configured. You need to remove ISATAP from the global query block list in DNS if you are using an ISATAP host record to configure ISATAP clients. You can do that with the PowerShell cmdlet __________________________________ or the following command: dnscmd /config /_____________________________.
To use the DFS features, the following requirements must be met:
The forest must be at the forest functional level of ______________________ or newer.
The domain must be at the domain functional level of ___________________ Failober.
The namespace servers must be running ______________________ or newer.
You can modify settings for the DFS root with the PowerShell cmdlet Set-DfsnRoot. You can use this cmdlet to enable or disable the following settings:
______________________________
______________________________
______________________________
______________________________
______________________________
With the following command, you can enable root scalability, which allows the DFS namespace server to poll domain controllers for updates:
_____________ -Path "\PearsonPUcertify" -EnableRootScalability $True
-TimeToLiveSec 900
With the PowerShell cmdlet _______________________, you can generate a DFSR health report to verify replication and get information about replication bandwidth savings through the use of RDC or errors. Figure 13-40 shows an example of this command and example output of an error in the report when the problem lies in the DFS Replication service on DFS2.
With the PowerShell cmdlet ______________________________, you can force the synchronization of DFS Replication. Take a look at this example:
Sync-DfsReplicationGroup -GroupName "ReplicaGroup1" -SourceComputer
Name DFS1 -DestinationComputerName DFS2 -DurationInMinutes 1
The following example retrieves the first 100 unreplicated changes between the local computer and the upstream computer, DFS2, for the replication group RepliGroup1 and the replicated folder named Data:
__________________ -SourceComputerName "DFS2" -GroupName "RepliGroup1"
-FolderName "Data"
DFSR uses ______________________________, a client/server protocol that can be used to efficiently update files over a limited-bandwidth network.
You can enable and disable cross-file RDC with the following PowerShell cmdlet:
Set-DfsrConnection ____________________________ $true
You cannot recover files from the ___________________________________ and ______________________________________ folders except from backup.
Use the Windows PowerShell cmdlets _________________________________ and ______________________ to allow the recovery of files from these folders. You can restore these files and folders into their previous location or a new location. You can choose to move or copy the files, and you can keep all versions of a file or only the latest version.
DFS includes database-management tasks that use database cloning to help you perform initial database replication. Furthermore, DFS includes tasks that can recover the DFS database in case of data corruption. A new Windows Server 2016 feature is the capability to _______________________ for initial replication, to dramatically improve performance during initial synchronization. You also can use the _____________________ feature to reduce bandwidth consumed when replicating file data.
The primary benefits of BranchCache are as follows:
____________________________________________________________________________________________________________________________________
____________________________________________________________________________________________________________________________________
____________________________________________________________________________________________________________________________________
____________________________________________________________________________________________________________________________________
____________________________________________________________________________________________________________________________________
____________________________________________________________________________________________________________________________________
You can configure BranchCache in two different modes (see Figure 13-45):
_______________________________: This mode operates by deploying a computer that is running Windows Server 2008 R2 or newer versions as a ________________________________________. Client computers locate the host computer so that they can retrieve content from the ________________when it is available. If the content is not available in the _______________, the content is retrieved from the content server over a WAN link. The content is then provided to the ___________________, which serves successive client requests.
________________________________: For smaller remote offices, you can configure BranchCache in _____________________ without requiring a server. In this mode, local client computers running Windows 7 or newer maintain a copy of the content and make it available to other authorized clients that request the same data. This eliminates the need to have a server in the branch office. However, unlike _______________, this configuration works per subnet only. In addition, clients that hibernate or disconnect from the network cannot provide content to other requesting clients.
You also can use the __________________________ PowerShell cmdlet to configure BranchCache in hosted cache mode. The following commands enable hosted cache mode by using SVR1.pearson.com as the hosted cache server for HTTPS and clients running Windows 10:
__________________ -ServerNames SVR1.pearson.com -UseVersion Windows10
The following cmdlet enables hosted cache mode and registers Service Connection Points in AD DS:
Enable-BCHostedServer __________________
The following cmdlet enables distributed cache mode on the server:
_________________________________________________
With the PowerShell cmdlet ________________, you can verify the correct BranchCache configuration on the file server, BranchCache host, or BranchCache client.
You can use the ______________________________ command to display the BranchCache service status.
18.227.161.225