Appendix
Answers to the Review Questions

Chapter 1: Configuring TCP/IP

  1. D. To calculate the network mask, you need to figure out which power number (2x) is greater than or equal to the number you need. Since we are looking for 1000, 210 = 1024. You then add the power (10) to the current network mask (53 + 10 = 63).
  2. A. When you look at an IPv6 address, the first sections tell you the IPv6 address space prefix. Fd00:: /8 is the unique local unicast prefix, and this allows the server to communicate with all local machines within your intranet.
  3. C. The unique local address can be FC00 or FD00, and it is used like the private address space of IPv4. Unique local addresses are not expected to be routable on the global Internet, but they are used for private routing within an organization.
  4. A. A Class B address with a default subnet mask of 255.255.0.0 will support up to 65,534 hosts. To increase the number of networks that this network will support, you need to subnet the network by borrowing bits from the host portion of the address. The subnet mask 255.255.252.0 uses 6 bits from the host’s area, and it will support 64 subnets while leaving enough bits to support 1,022 hosts per subnet. The subnet mask 255.255.248.0 uses 5 bits from the hosts and will support 32 subnetworks while leaving enough bits to support 2,046 hosts per subnet. 255.255.252.0 is the better answer because it leaves quite a bit of room for further growth in the number of networks while still leaving room for more than 1,000 hosts per subnet, which is a fairly large number of devices on one subnet. The subnet mask 255.255.254.0 uses 7 bits from the host’s area and will support 126 networks, but it will leave only enough bits to support 500 hosts per subnet. The subnet mask 255.255.240.0 uses 4 bits from the hosts and will support only 16 subnetworks, even though it will leave enough bits to support more than 4,000 hosts per subnet.
  5. A. The network mask applied to an address determines which portion of that address reflects the number of hosts available to that network. The balance with subnetting is always between the number of hosts and individual subnetworks that can be uniquely represented within one encompassing address. The number of hosts and networks that are made available depends on the number of bits that can be used to represent them. This scenario requires more than 35 networks and fewer than 1,000 workstations on each network. If you convert the subnet masks as described in the chapter, you will see that the mask in option A allows for 64 networks and more than 1,000 hosts. All of the other options are deficient in either the number of networks or the number of hosts that they represent.
  6. A. The subnet mask 255.255.255.192 borrows 2 bits from the hosts, which allows you to build four separate networks that you can route through the Windows server. This will allow you to have 62 hosts on each segment. A mask of 255.255.255.128 would have been even better, with two subnets of 126 hosts each, but that wasn’t an option and this solution gives you room for growth in the number of subnets. The subnet mask 255.255.255.224 borrows 3 bits from the hosts. This allows you to create 8 networks, which you don’t need, and it leaves only enough bits for 30 hosts. The subnet mask 255.255.255.252 borrows 6 bits from the hosts. This allows you to create 64 networks, which you don’t need, and it leaves only enough bits for 2 hosts. The subnet mask 255.255.255.240 borrows 4 bits from the hosts. This allows you to create 16 networks, which you don’t need, and it leaves only enough bits for 14 hosts per subnet.
  7. B, C, D. When you add up the locations that currently need to be given a network address, the total is 3,150, and the maximum number of hosts at any one of these locations is fewer than 1,000. The subnet masks need to support those requirements. Assuming that you choose the Class A private address space 10.0.0.0/8, the subnet masks given in options B, C, and D will provide the address space to support the outlined requirements. The subnet mask 255.255.240.0 supports 4,096 subnets and more than 4,000 hosts. The subnet mask 255.255.248.0 supports 8,192 subnets and 2,046 hosts. The subnet mask 255.255.252.0 supports more than 16,000 subnets and more than 1,000 hosts. Although each of these subnet masks will work, at the rate that this company is growing, 255.255.252.0 is probably the best mask to prepare for the future. It’s unlikely that there will ever be more than 1,000 hosts on any given network. In fact, that number would probably cause performance problems on that subnet. Therefore, it’s better to have more subnets available to deploy as the company grows. The subnet mask 255.255.224.0 supports 2,048 subnets—an insufficient number to cover the locations. The subnet mask 255.255.254.0 supports 32,768 subnets, but only 500 hosts per subnet, which are not enough hosts to cover all of the locations.

  8. C. The CIDR /27 tells you that 27 1s are turned on in the subnet mask. Twenty-seven 1s equals 11111111.11111111.11111111.11100000. This would then equal 255.255.255.224.

    The network address 192.168.11.192 with a subnet mask of 255.255.255.224 is perfect for Subnet A because it supports up to 30 hosts. The network address 192.168.11.128 with a subnet mask of 255.255.255.192 is perfect for Subnet B because it supports up to 62 hosts. The network address 192.168.11.0 with a subnet mask of 255.255.255.128 is perfect for Subnet C because it supports up to 126 hosts.

  9. C. You need to configure a subnet mask that can accommodate 3,500 clients. The way to figure it out is to use the formula of 2x-2=Mask Number. So 3,500 clients means it is 212-2=4094. 4094 (power of 12) is the first Power number that is greater than 3,500. So since it is 212, that means that our subnet mask has 12 zeros. So it looks like the following; 11111111.11111111.11110000.00000000. This translates into 255.255.240.0.
  10. B, D. If the first word of an IPv6 address is FE80 (actually the first 10 bits of the first word yields 1111 1110 10 or FE80:: /10), then the address is a link-local IPv6 address. If it’s in EUI-64 format, then the MAC address is also available (unless it’s randomly generated). The middle FF:FE is the filler and indicator of the EUI-64 space, with the MAC address being 00:03:FF:11:02:CD. Remember also the 00 of the MAC becomes 02 in the link-local IPv6 address, flipping a bit to call it local.

Chapter 2: Configuring DNS

  1. B. Because of the .(root) zone, users will not be able to access the Internet. The DNS forwarding option and DNS root hints will not be configurable. If you want your users to access the Internet, you must remove the .(root) zone.
  2. C. Active Directory Integrated zones store their records in Active Directory. Because this company only has one Active Directory forest, it’s the same Active Directory that both DNS servers are using. This allows ServerA to see all of the records of ServerB and ServerB to see all the records of ServerA.
  3. D. The Secure Only option is for DNS servers that have an Active Directory Integrated zone. When a computer tries to register with DNS dynamically, the DNS server checks Active Directory to verify that the computer has an Active Directory account. If the computer that is trying to register has an account, DNS adds the host record. If the computer trying to register does not have an account, the record gets tossed away and the database is not updated.
  4. A. If you need to complete a zone transfer from Microsoft DNS to a BIND (Unix) DNS server, you need to enable BIND secondaries on the Microsoft DNS server.
  5. B. Conditional forwarding allows you to send a DNS query to different DNS servers based on the request. Conditional forwarding lets a DNS server on a network forward DNS queries according to the DNS domain name in the query.
  6. B. On a Windows Server 2016 DNS machine, debug logging is disabled by default. When it is enabled, you have the ability to log DNS server activity, including inbound and outbound queries, packet type, packet content, and transport protocols.
  7. D. Active Directory Integrated zones give you many benefits over using primary and secondary zones, including less network traffic, secure dynamic updates, encryption, and reliability in the event of a DNS server going down. The Secure Only option is for dynamic updates to a DNS database.
  8. A. Windows Server 2016 DNS supports two features called DNS Aging and DNS Scavenging. These features are used to clean up and remove stale resource records. DNS zone or DNS server aging and scavenging flags old resource records that have not been updated in a certain amount of time (determined by the scavenging interval). These stale records will be scavenged at the next cleanup interval.
  9. C. The dnscmd /zoneexport command creates a file using the zone resource records. This file can then be given to the Compliance department as a copy.
  10. D. Stub zones are very useful for slow WAN connections. These zones store only three types of resource records: NS records, glue host (A) records, and SOA records. These three records are used to locate authoritative DNS servers.

Chapter 3: Configuring DHCP

  1. C. Out of the possible answers provided, the only DHCP configuration option that would be both fault tolerant and redundant is DHCP failover.
  2. C. Admins can use the Set-DhcpServerv4Scope command to configure the settings of an existing IPv4 scope.
  3. D. Microsoft recommends the 80/20 rule for redundancy of DHCP services in a network. Implementing the 80/20 rule calls for one DHCP server to make approximately 80 percent of the addresses for a given subnet available through DHCP while another server makes the remaining 20 percent of the addresses available.
  4. A. DHCP can become a single point of failure within a network if there is only one DHCP server. If that server becomes unavailable, clients will not be able to obtain new leases or renew existing leases. For this reason, it is recommended that you have more than one DHCP server in the network. However, more than one DHCP server can create problems if they both are configured to use the same scope or set of addresses. Microsoft recommends the 80/20 rule for redundancy of DHCP services in a network. To do this, you run the Configure Failover Wizard.
  5. B. DHCP can’t be loaded onto a Nano Server. You can load DHCP on a Server Core server (Server with no GUI desktop) or a server with the GUI desktop.
  6. A. 003 Router is used to provide a list of available routers or default gateways on the same subnet.
  7. D. Admins can use the Set-DhcpServerv4Scope command to configure the settings of an existing IPv4 scope.
  8. B. 006 DNS is used to provide a list of available DNS servers to your scope settings or to your server settings.
  9. B. Reservations are set up by using the machine’s network adapter’s MAC address. Every network adapter has its own MAC address. So when the network card got replaced, the new MAC address needs to be put into the current reservation.
  10. C. Conflict Detection Attempts specifies how many ICMP echo requests (pings) the server sends for an address it is about to offer. The default is 0. Conflict detection is a way to verify that the DHCP server is not issuing IP addresses that are already being used on the network. Since you only have one DHCP server, lower the value to zero (0).

Chapter 4: Implement IP Address Management

  1. B. Administrators can use the Set-IpamBlock PowerShell command to configure an IP address block in IPAM.
  2. C. Administrators can use the Add-IpamRange PowerShell command to add an IP address range to an IPAM server.
  3. D. Administrators can use the Set-IpamDiscoveryDomain PowerShell command to change the IPAM discovery configuration.
  4. A. Administrators can use the Get-IpamDnsZone PowerShell command to view the DNS zone information from IPAM database.
  5. C. Administrators need to create and links IPAM group policies (GPOs) for provisioning. To do this, you can either manually create the GPOs or run the Invoke-IpamGpoProvisioning PowerShell command.
  6. C. The IPAM ASM Administrators group is specifically designed for the delegation of IPAM Address Space Management. The IPAM Administrators group would give her domain account way too much access within the environment, and the other two possible answers would not provide her with enough permissions to perform her required responsibilities.
  7. B. Out of the three real possible deployment methods—Distributed, Centralized, and Hybrid—only the Centralized deployment method allows one primary IPAM server to manage the entire enterprise. The Distributed method places an IPAM server at each site location, and the Hybrid method uses a primary server with an additional IPAM server at each site location within the enterprise.
  8. A. The Set-IPAMConfiguration command is used if the GPOs are already created. If you need to create the GPOs, you use the Invoke-IpamGpoProvisioning.
  9. C. After you have successfully installed and provisioned your IPAM server, the next logical step in the IPAM deployment configuration is to configure and run server discovery.
  10. A. The Move-IpamDatabase command allows an admin to move an IPAM database to a SQL Server database.

Chapter 5: Configuring Network Access

  1. B. Using single tenant mode allows you to deploy the RAS Gateway as an edge VPN server, an edge DirectAccess server, or both simultaneously.
  2. A. The Get-BgpRouter PowerShell command allows you to see the configuration information for BGP routers.
  3. B. Administrators use the Get-DAClient command to see the list of client security groups that are part of the DirectAccess deployment and the client properties.
  4. D. Logman creates and manages Event Trace Session and Performance logs and allows an administrator to monitor many different applications through the use of the command line.
  5. D. The higher the RADIUS priority number, the less that the RADIUS server gets used. To make sure that RADIUS ServerD is only used when ServerB and ServerC is unavailable, you would set the RADIUS priority from 1 to 10. This way it will only get used when ServerB and ServerC is having issues or is unresponsive.
  6. B. SSTP is secure sockets and secure sockets uses port 443.
  7. C. The Get-RemoteAccess command shows the configuration of a DirectAccess and VPN server.
  8. B. The Set-DAServer command allows an administrator to set the properties specific to the DirectAccess server.
  9. C. Administrators use the Set-VpnAuthType command to set the authentication type to be used for a VPN connection.
  10. D. The Add-RemoteAccessRadius command allows an administrator to add a new external RADIUS server for VPN or DirectAccess connectivity.

Chapter 6: Understanding File Services

  1. C. You need to publish shares in the directory before they are available to the users of the directory. If NetBIOS is still enabled on the network, the shares will be visible to the NetBIOS tools and clients, but you do not have to enable NetBIOS on shares. Although replication must occur before the shares are available in the directory, it is unlikely that the replication will not have occurred by the next day. If this is the case, then you have other problems with the directory as well.
  2. A. The Sharing tab contains a check box that you can use to list the printer in Active Directory.
  3. B. The Get-FsrmQuota command allows you to view the quotas on the FSRM server.
  4. C. The New-FsrmFileGroup command allows an administrator to create a file group.
  5. A. Administrators can use the New-FsrmQuotaTemplate command to create a new quota template on FSRM.
  6. C. An administrator can use the Remove-FsrmClassificationRule command to delete the FSRM classification rule.
  7. B. Offline files give you the opportunity to set up files and folders so that users can work on the data while outside the company walls. Offline files allows a user to work on files while at home without the need to be logged into the network.
  8. A, B, C, D. Improved security, quotas, compression, and encryption are all advantages of using NTFS over FAT32. These features are not available in FAT32. The only security you have in FAT32 is shared folder permissions.
  9. B. Disk quotas allow you to limit the amount of space on a volume or partition. You can set an umbrella quota for all users and then implement individual users’ quotas to bypass the umbrella quota.
  10. B. Cipher is a command-line utility that allows you to configure or change EFS files and folders.

Chapter 7: Configuring High Availability

  1. A. To create a new NLB cluster, you would use the PowerShell command New-NlbCluster.
  2. B, D. Answers B and D are the only versions that are real. There is no 2016 Small Business Server or Virtual Edition. The Windows Server 2016 server for virtualization is Hyper-V.
  3. A. The maximum number a single cluster can support is 32 computers.
  4. B. If an administrator decides to use the drainstop command, the cluster stops after answering all of the current NLB connections. So the current NLB connections are finished but no new connections to that node are accepted.
  5. D. If you want to stop the entire cluster from running, while in the NLB manager (type NLBmgr in Run command), you would right click on the cluster, point to Control Hosts, and then choose Stop.
  6. A. The PowerShell command Stop-VMReplication will stop virtual machine replication from happening.
  7. B, D. Websites and Terminal Services are all designed to work with NLB clusters. Database servers like SQL Server do not work on NLB clusters.
  8. B. To use unicast communication between NLB cluster nodes, each node must have a minimum of two network adapters.
  9. D. Setting the cluster affinity to Single will send all traffic from a specific IP address to a single cluster node. Using this affinity will keep a client on a specific node where the client should not have to authenticate again. Setting the filtering mode to Single would remove the authentication problem but would not distribute the load to other servers unless the initial server was down.
  10. C. When setting the affinity to Class C, NLB links clients with a specific member based on the Class C part of the client’s IP address. This allows an administrator to setup NLB so that clients from the same Class C address range can access the same NLB member. This affinity is best for NLB clusters using the Internet.

Chapter 8: Implementing Software Defined Networking

  1. D. The New-NetworkControllerNodeObject command is the PowerShell command that allows you to setup a new Network Controller.
  2. B. Remote Access Server (RAS) gateways are used for bridging traffic between virtual and non-virtual networks. Organizations can use Software Load Balancing (SLB) to evenly distribute network traffic between the virtual network resources.
  3. B. Network Controllers are new to Windows Server 2016. Network Controllers allow an administrator to have a centralized virtual and physical datacenter infrastructure. This allows administrators to manage, configure, and troubleshoot all of their infrastructure components from one location.
  4. A. The only virtual hard disk that increases in size is the dynamically expanding disk. Thus this is the only valid answer to this question. The fixed-size disk creates a disk of the size you specify, the differencing disk is a special disk that stores only the differences between it and a parent disk, and the physical disk uses a physical drive and makes it available to the virtual machine.
  5. C. Physical hard disks cannot be configured using the Virtual Hard Disk Wizard, the Edit Virtual Hard Disk Wizard, or the New Virtual Machine Wizard. You can configure and attach a physical disk only by using the virtual machine’s settings.
  6. B. Hyper-V is not supported on Itanium-based systems, thus he cannot install it.
  7. A, B, C. The minimum CPU requirement for running Hyper-V is a x64-based processor (Itanium is not supported), hardware Data Execution Protection must be enabled, and hardware-assisted virtualization must be enabled. There is no minimum requirement for a dual-core processor.
  8. C. This question relates to the setup command used to install the Hyper-V server role on a Windows Server 2016 Server Core machine. It’s important to remember that these commands are case sensitive, and that the correct command is start /wocsetup Microsoft-Hyper-V, which is option C. All of the other commands will fail to install Hyper-V on a Server Core machine.
  9. B. In single tenant mode, the RAS Gateway is used as the exterior or Internet facing VPN or DirectAccess edge server.
  10. C. The virtual network type in which the machines communicate with each other and with the host machine is called internal only. In a private virtual network, the virtual machines can communicate only with each other, not with the network or the host machine. The external network type defines a network where the virtual machines can communicate with each other, with the host machine, and with an external network like the Internet.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.226.28.197