Windows Server 2003 exam questions

Which of the following IP addresses are private addresses? The three blocks of private address space are Answer C, Neither of these IP addresses fall within any of the three blocks of address spaces assigned to private addressing.

Remember, the three address blocks set aside and defined as private address space are as follows: This provides a range of 16 class B network IDs from This provides a range of class C network IDs from Your IT Director has determined that your network should use dynamic routing. What has happened to that route in the routing table? It has been marked as unreachable in the routing table.

Nothing has happened to that route in the routing table. It has been removed from the routing table. You must manually go into the routing table and remove the entry. In dynamic routing, when a route is unreachable, the route is removed from the routing table. Because it is removed from the routing table, it is not marked as unreachable, so both answers A and B are incorrect.

Your newest hire has been assigned the task of configuring a Windows Server computer as a router and has asked you how to determine if a machine address or an IP address is being used at the router. You explain that routers use IP addresses, while bridges and hubs use machine addresses.

The Physical layer. The Data Link layer. The Network layer. The Transport layer. The Network layer implements protocols that can transport data across a LAN segment. These protocols are known as routable protocols because their data can be forwarded by routers past the local network. IP is the dominant routable protocol. IP, and other Layer 3 protocols, are considered asynchronous because they send the data with no attempt to verify that the data arrived at its destination.

Answer A is incorrect because the Physical layer of the OSI reference model is responsible for the transmission of data. This layer operates only with ones and zeros. Answer B is incorrect because the Data Link layer is responsible for providing end-to-end validity of the data being transmitted.

Answer D is incorrect because the Transport layer is also responsible for the end-to-end integrity of data transmissions. An example of a protocol used at the Transport layer is TCP. TCP and other Layer 4 protocols are considered synchronous because they verify the successful arrival of the data at its destination. Your IT Director has opened a command prompt window on your Windows Server computer and is trying to figure out what routes are available to this computer.

Which of the following commands should you tell him to use to list the active routes from the command prompt? To produce a list of the active routes from the command prompt, type route print and press the Enter key. None of these are route commands. They are Netsh commands. Your IT Director is determined to use static routing on your large corporate network. You need to convince him that static routing probably is not the best choice, and you want him to think that decision was his idea.

You decide to do this by asking him which of the following is an advantage of using static routing? Fault tolerance. Manual configuration. Classless routing.

Static routing works well with classless routing because each route must be added with a network mask. Static routing is not fault tolerant. Although it works well for small networks, it does not scale well. It requires manual configuration and makes no attempt at discovery of other networks or other systems on the network.

RRAS is enabled on your Windows Server computer, and you have three network adapter cards in the computer configured for subnet IDs of The subnet mask of 20 bits means that the first two octets and the first four bits of the third octet are used to define the subnet ID. The rightmost bit of the four bits used in the third octet represents a value of Each subnet ID must therefore have a value in the third octet that is divisible by The only one in the list that meets this criterion is Answer A.

A, B, D These answers are incorrect because none of them meets the criterion. In Answer A, The same situation exists for Answer B, The 40 in the third octet is not divisible by Finally, in Answer D, You want to configure a multiple gateway on a Windows Server machine, but you have only one NIC installed.

How do you accomplish this goal? Assign the IP addresses Assign the IP addresses , You cannot configure multiple gateways on a machine with one NIC. When using a single NIC, the IP addresses must be assigned to either the same network segment or to segments that are part of the same single logical network. Answer A is the only answer that meets this criterion. In Answer B, the two network addresses, The same holds true for Answer C. Here, the addresses A single NIC can be used when the IP addresses assigned are from the same network segment or to segments that are part of the same single logical network.

This statement rules out Answer D. Your IT Director has been reading again. He has decided that he wants to convert the network to OSPF, but he is having some difficulty with terminology. He knows that an OSPF router can serve one of four roles. Help him out. Which of the following is it? Internal router. Area border router.

Backbone router. Autonomous system boundary router. When all interfaces are connected to the same area, the router is considered an internal router. This rules out Answer A. This rules out Answer B.

When the router exchanges routes with sources outside the network area, it is known as an autonomous system boundary router (ASBR). This rules out Answer D. You must meet the following requirements: Which of the requirements are met? The contract developers are able to connect to the network via the Internet. PPP encryption is used. Tunnel authentication is used. Data between the endpoints of the tunnel is secure. Using a VPN allows these developers to connect to the local network in a secure manner.

The VPN allows users to exchange data between computers in the network as if there were a point-to-point private link between them. You want to set up IP packet filtering to help you manage access from remote clients. The properties of the remote-access ports. The properties of the remote-access server. The profile of a remote-access policy. The conditions of a remote-access policy. IP packet filters are managed in the remote-access profile of a remote-access policy.

The ability to request an IP address, IP packet filters, idle time allowed before being disconnected, and length of session are settings defined in the remote-access profile. IP address assignment management cannot be performed via the properties sheets of either the remote-access server or the remote-access ports or via the conditions of a remote-access policy. You have set up an isolated, secure subnet with only an RRAS server running on Windows Server connecting the two parts of your internal network.

You are protecting your internal network against unauthorized access with your firewall, and authorized users on the intranet establish VPN tunnels to your secure subnet through the RRAS server.

You do have a problem, however. It seems that remote VPN clients cannot access the secure subnet through your configuration. How should you reconfigure the system to allow remote VPN clients access to the secure subnet? Define filters on the firewall to allow the VPN traffic to pass. Configure the router in front of the firewall to allow IPSec traffic to pass.

Correct the problem by configuring filters on the firewall to allow this traffic to pass. Data packet transmission is transparent to all hosts between the source and the recipient. Finally, Answer D, configure the router in front of the firewall to allow the VPN traffic to pass, is incorrect because the traffic is transparent between the source and the recipient.

You decide to use NAT. You try to establish a secure VPN session from a remote site unsuccessfully. You try again using L2TP. Again the connection fails. You are able to successfully connect when in the same office. Why are you unable to make a connection from the remote location?

NAT does not allow for remote networking. Answer A, regarding not having configured the NAT server to translate the IP Security packets, is incorrect because there is nothing to configure. This is incorrect, because it does. Which requirement or requirements are met? The developers can connect to the network through the Internet. PPTP encryption is used. Tunnel authentication is provided.

Data between the endpoints of the tunnel is secured. The VPN allows the developers to work from home over the Internet. This means that the data between the two endpoints of the tunnel will not be secure in this situation.

The network is not connected directly to the Internet, and the private IP address range you are using is What should you do to resolve the problem? Ensure that the remote-access server is able to connect to a DHCP server that has a scope for its subnet. Configure the remote-access server with the address of a DHCP server. Authorize the remote-access server to receive multiple addresses from a DHCP server. This is because the remote-access server is unable to connect to a DHCP server that has the proper scope.

Answers A, C, D. The IP address being assigned to the dial-up connection, Answer A is incorrect because, unless the remote-access server can connect to a DHCP server in the first place, being able to relay DHCP information will be of no assistance in this situation. DHCP works through broadcast. Finally, Answer D is incorrect because a single network interface cannot receive multiple addresses from a DHCP server.

You think you may have a problem on your network. You need to open a command line window and troubleshoot your network.

Which of the following lists of commands represents the command-line utilities most often used in maintaining and testing routing functionality? The four command-line utilities most often used in maintaining and testing routing functionality are pathping, PING, Route, and Tracert. Answer A is wrong because show helpers is a Netsh command. Answer B is wrong because both show helpers and show routing are Netsh commands. The server has an always-on Internet connection with an ISP.

What service can you install on the server to allow the clients to access the Internet, without requiring you to obtain additional IP addresses from your ISP? You are configuring a simple network with two computers, both running Windows Server Both will be used as Web servers and must be accessible over the Internet. You have chosen to assign an Internet IP address to each machine, and you want to configure a single Internet connection for use by both machines. Which of the following is the best strategy?

Use a routed connection. Two separate connections are required. A router provides a simple way to connect both machines to the Internet. Each will require an IP address. Answer D is incorrect because a single connection can be used, although two separate public IP addresses will be required.

You need to configure the server to provide shared Internet access to all machines on the network. The server will also act as a Web server. Which solution will address all of these requirements? A hardware router. The NAT service can provide a shared Internet connection for all workstations and allow more than one computer to have an IP address accessible to the Internet.

Answer B is incorrect because a hardware router does not provide address translation or connection sharing. You are configuring a NAT server to provide shared Internet access.

You want clients to use internal addresses from the same pool, whether or not they are using the Internet. What is the most efficient way to do this? This way, the NAT server does not need its own address pool. Answer B is incorrect because using the same address pool on both servers could create conflicts. Answer D is incorrect because there is no need to remove the already functioning DHCP server in favor of the limited addressing abilities of the NAT service.

You are planning a VPN to allow traveling employees to access the network from remote locations. Employees will be using a variety of ISPs to connect to the Internet. Which VPN protocol should you use? A number of remote workstations are able to access the network by connecting to the Internet using local access methods and establishing a VPN connection. Which of the following terms describes this type of VPN? Answer A is incorrect because a router-to-router VPN connects two networks, rather than offering remote access to clients.

Answer B is incorrect because point-to-point is not a type of VPN. Answer D is incorrect because one-way is a type of initiation for router-to-router VPNs.

Which of the following types of encryption will the VPN use in this configuration? Answer A is incorrect because L2TP is a tunneling protocol and does not provide encryption. Answer D is incorrect because EAP is an authentication protocol and does not provide encryption. You need to configure a VPN connection between the local network and a remote branch.

Which of the following is the best strategy to configure the VPN? Use a demand-dial connection. Use a persistent connection. Use dial-up access via RRAS. Create a dedicated WAN link. Answer B is incorrect because a persistent connection cannot be used with a dial-up connection. The servers are currently using Windows authentication, and you wish to use IAS for centralized authentication.

What additional task is necessary to enable IAS authentication? Choose authentication protocols. Answer A is incorrect because IAS needs to be installed on only one computer.

Answer D is incorrect because the default authentication protocols will be used if you do not choose protocols. Which of the following protocols are supported by EAP? You are configuring the authentication methods for the IAS server and want to allow the clients to use smart cards for secure and convenient authentication.

Which of the following authentication protocols should you select? The IAS server. The RRAS servers. The clients of the RRAS server. Answer C is incorrect because the clients do not communicate with the IAS server. During a security audit, you are monitoring network traffic and notice that plaintext versions of passwords are passing through the network.

You are using an IAS server to handle authentication. Which protocol do you need to disable at the IAS server to prevent this security risk? PAP uses plaintext passwords and should be disabled unless required for legacy clients. Remote Access Policies. Connection Request Processing. Answer A is incorrect because the Properties dialog box does not include authentication options. Answer C is incorrect because there is no Protocols section or dialog box. You wish to create client software for VPN clients to connect to the network so that clients do not need to manually specify the VPN server, tunneling protocol, and other settings.

Which program allows you to customize the client software? Connection Manager. Connection Manager Administration Kit. Answer A is incorrect because Connection Manager is the actual client software, not the customization program. You are the administrator of a Windows Server network. Recently, your company made a sudden and unexpected announcement that it would be merging with another company called Syngress Industries, a large company that has more than 20, employees.

You will need to set up trust relationships between two AD forests. Furthermore, you plan to move significant amounts of data between the two networks. You learn that Syngress Industries uses a child domain of its Internet domain namespace for its AD forest root. The name of the internal domain is ad. You want to ensure that your DNS infrastructure can resolve names for internal hosts of Syngress Industries. You also want to ensure that your solution is the most effective in terms of resource usage.

What should you do to enable name resolution for internal hosts of Syngress Industries? Create a secondary zone for ad. Create a stub zone for syngress. Create an Active Directory-integrated zone for ad. Create a conditional forwarding configuration on your DNS servers for ad. Configuring conditional forwarding is the correct answer because it best satisfies the condition to be the most effective in terms of resource usage, which primarily is bandwidth in this case.

After a time, the forwarding servers would acquire a cache of frequently accessed resources in the ad. Answer A is incorrect because creating a secondary zone would enable name resolution, but would cause a significant amount of zone replication traffic over the VPN. However, this would be a bad security practice, since syngress. Furthermore, the presence of a firewall between the syngress. Answer C is incorrect because your organizations are in two separate AD forests.

Your boss has just read an article on how DNS servers can be compromised so that they will redirect recursive queries to bogus Web sites that can cause potential harm. Your boss has asked you to ensure that the DNS servers in the DMZ have the highest level of protection possible against this and other types of common attacks on DNS servers. You have two DNS servers. DNS-A is used to resolve name mappings for your public Web and mail server.

Select the best answer. The problem your boss is describing is cache pollution. Although you can enable protection against cache pollution to mitigate this risk, you should try to stop the potential risk at the firewall, if possible. However, if recursion is disabled on DNS-A, it will still answer queries for zones that it is authoritative for, but it will send a negative response to recursive queries. Disabling recursion also has the added benefit of providing a degree of protection against DoS attacks.

Answer A is workable and provides additional security. However, the boss wants the highest level of protection against multiple common attacks on DNS servers, so this choice is not as good as Answer C. You are the administrator of a Windows network that consists of a mixture of Windows NT 4, Windows , and Windows Server servers, providing a mix of file, print, messaging, and other services critical to your network.

You have already enabled dynamic DNS on your forward and reverse lookup zones, but you want to ensure that all of your client computers can find the name-to-address mapping of all your servers using DNS. You want to minimize the administrative effort for this project. What action should you take? Manually enter the records for servers that have static addresses. Create a WINS resource record in the forward and reverse lookup zones. Windows NT 4 operating systems are not able to update static addresses in a dynamic zone.

You must either manually enter resource records for these servers or configure the DNS to query the WINS server when it cannot resolve a name mapping. Since the latter involves the least administrative effort, Answer D is the correct choice. Answer A is incorrect because it will not have an effect on whether resource records for clients are created in the DNS zones. Answer C would work, but it involves more administrative effort than the correct response and has a greater risk of introducing error.

DNS-B is used to provide name resolution for Internet clients that want to connect to your public Web and mail servers. DNS-C is used to provide Internet name resolution. On DNS-A, remove the root hints file and enable recursion. Configure ISA Server to allow no traffic to or from this server. On DNS-B, remove the root hints file and disable recursion. On DNS-C, enable recursion and update the root hints file. On DNS-A, remove the root hints file and disable recursion.

On DNS-B, update the root hints file and enable recursion. On DNS-C, disable recursion and update the root hints file. You do not want it to perform recursion to the Internet or be accessible through the firewall. You need to remove the root hints file and prevent ISA Server from forwarding Internet traffic to it. However, it should still be able to perform recursion on your internal network. DNS-B is used to provide authoritative responses to requests from Internet clients who wish to connect to Web and mail servers, but it should not be able to perform recursion.

You should disable recursion and remove the root hints file on this server. It needs to be able to perform recursion. The remaining responses are incorrect because they do not meet the requirements, as explained above.

Your company has recently merged with another company and you have set up trusts between the AD forests and have set up conditional forwarding on your DNS servers to resolve names in the AD forest of the newly merged company. You would like your users to be able to resolve names in the newly merged company with the least possible effort and typing on their part. You would like to implement a solution with the least possible effort on your part.

What should you do? Configure a stub zone for a root domain of the newly merged company on your DNS servers. To enable DNS clients to resolve unqualified names (single computer names that require the least typing on the part of the client) in a disjointed namespace, you must create a custom DNS suffix search list. You can manually configure this on the DNS clients.

However, Group Policy is the most efficient means of implementing this configuration on the client computers. Answer A would allow the primary computer name to be different from the AD domain name the computer is a member of and is not a relevant solution. Answer C is incorrect because DHCP option 81 allows you to specify only one domain name, which should be the domain name used for your own AD domain. Answer D is incorrect because a stub zone would only accomplish what your conditional forwarding is already doing.

The AD domain tree consists of a number of child domains that reflect the geographic locations of the different offices of the company. You are responsible for the DNS root domain of the AD forest and the child domain of the office where you work. All administrative responsibility for the remaining child domains is performed by locally based administrators in their respective offices. The capacity of the WAN links connecting the various offices is showing signs of being insufficient. You want to ensure that DNS resolution for the child domains outside your administrative control will work company-wide in a fault-tolerant manner without adding additional strain to available resources.

On the root DNS servers, configure conditional forwarding for the child domains. On the DNS servers in the child domain under your control, configure secondary zones for the other child domains. On the root DNS servers, configure stub zones for the child domains.

When you configure stub zones on the DNS servers responsible for the root, the SOA, NS, and A records that indicate the authoritative servers for the child domains are automatically updated whenever a local administrator makes changes to these records in the primary zone. These DNS servers for these subdomains are not under your control, so, if you were to configure conditional forwarding on the root DNS servers, the local administrators would need to inform you so that you could manually make the required configuration changes.

Stub zones provide the most fault-tolerant solution. Configuring secondary zones on the root DNS servers would also allow fault-tolerant name resolution, but would increase replication traffic across the WAN. Answers B and D are incorrect because the solution must ensure DNS resolution for the entire company. If you were to implement these solutions in your child domain, the scope of the solution would be limited to your domain and not the other child domains. Of course, you and the other administrators may want to implement such solutions to minimize the amount of DNS referral traffic that would occur if DNS servers had to walk the tree to perform iterative queries in an attempt to resolve names in the various child domains.

You are the enterprise administrator of a Windows network that comprises a number of Windows and Windows domain controllers. You want to use Active Directory-integrated zones for your zone data to enhance security and optimize replication of zone data. What should you choose as the replication scope?

To all DNS servers in the forest. To all domain controllers in the AD domain. To all domain controllers specified in the scope of an application partition. Because you still have Windows domain controllers in your environment, your only choice is to store the zone data in the domain partition. These answers are incorrect because they require the presence of an application directory partition, which is not available on Windows domain controllers.

You are an administrator of a Windows Server network. You want to automate the backups of the WINS database. You want this backup to occur at least once every 24 hours. In the WINS server console, configure a path to store backups of the database and initiate a manual backup. To configure WINS to perform automatic backups of the database, you must specify a path for the backup and perform at least one manual backup of the database.

You can subsequently use Windows Backup or a third-party backup solution to back up the contents of the WINS backup folder without needing to be concerned about the consequences of backing up an open file. The remaining answers are partially viable to varying degrees, but do not represent the best solution. You want to ensure that the record is deleted on all servers with the least administrative effort. How should you delete the WINS static mapping?

On the owner server of the mapping, find the record and perform a simple deletion. On the owner server of the mapping, find the record and perform a tombstone deletion. On all of the WINS servers, find the record and perform a simple deletion.

On all of the WINS servers, find the record and perform a tombstone deletion. When you perform a tombstone deletion, the record is marked with an attribute that is replicated with the record to other WINS servers. The attribute instructs other WINS servers to remove the record through the scavenging process.

Answer A is incorrect because the record will still remain on the replication partners and will eventually be replicated back to the owner WINS server. Answers C and D are incorrect because they require unnecessary administrative effort to accomplish something that can be performed in one simple operation.

All of your WAN links connecting the head office and your four branch offices now have ample bandwidth to handle additional traffic.

You want to ensure the shortest convergence time of replicated records, while at the same time keep the number of replication partnership agreements to an absolute minimum. What replication topology should you choose? Ring topology. Hub-and-spoke topology. Hybrid of ring and hub-and-spoke topology. A hub-and-spoke topology ensures the shortest convergence time with the fewest replication partnerships to manage.

The longest path from one server to any other is two hops. The number of partnership agreements is eight. Answer B is incorrect because it is an overly complex replication topology and would require 20 replication partnership agreements to manage. Answer D is an overly complex topology for the number of WINS servers and not required by the design. The primary DNS server for the syngress. Your ISP is hosting secondary servers for the syngress.

While going through your performance logs, you notice a brief but sudden increase in the number of AXFR requests received and AXFR success sent events. Previously, these counters had values of zero in your logs.

You are concerned by these values and decide to investigate the issue and correct it, if necessary. What is the likely cause of the problem and what should you do? You should turn on debug logging to determine the source IP address and block all traffic from this address on ISA Server.

Please and Thank you 1. Briefly describe why group accounts are important. The destination host has an IP address of As you can see from the preceding example, the source IP address is anded against the subnet mask. The destination address is anded against the subnet mask assigned to the source host.

If the results are not the same, the destination host is on a different network or subnet. Conversely, if the results are the same, it is determined that the destination host is on the local network. A, B, and C are for general-purpose use, D is used for multicasting, and E is reserved. These classes made it possible to use one portion of the bit IP address scheme for the network address and the remaining portion for nodes on the network.

In the past, some networks needed more addresses for systems than a Class C address supplies. This was a major contribution to the shortage of IP addresses. Organizations often requested a Class B range that offered 65, available addresses rather than a few Class C ranges that might have suited their needs. The result was that many addresses within their allotted Class B blocks went unused.

It effectively "removes" the class from an address for the purpose of combining ranges, so it makes better use of the limited number of remaining available IPv4 addresses.

A CIDR network address looks like this: The network address is Implementing subnets helps control network traffic and enables network administrators to create smaller collision domains. Every node on the same physical ethernet network sees all data packets sent out on the network, which results in multiple collisions and affects network performance.

Routers or gateways separate networks into subnets. Subnet masks on each node allow nodes on the same subnetwork to continue communicating with one another and with the routers or gateways they use to send their messages.

The following example is a default Class B subnet mask: The following example is a Class B address using an additional bit subnet mask of Notice that instead of having the single subnet and 65, hosts per subnet allowed under the default subnet mask, you can have up to 16 subnets with up to 4, hosts per subnet by using a subnet mask of When you use standard subnet masks in classful IP addressing schemes, you can plan how many hosts you can support per subnet and how many subnets are available for use.

Table 3. In these classes, the X is the subnet mask variable in the table's Subnet Mask column. The table identifies how many subnet IDs are supported by each subnet mask and the maximum number of hosts per subnet.

IP addresses are organized into different address classes that define the number of bits out of the 32 that are used to identify the network and which are used to identify hosts on a network. By examining the address classes, you can also determine the number of networks and the number of hosts. Class A addresses have an official start address of 0. However, the last usable client address in the range is The full range of addresses that can be assigned to hosts is 1.

The local host uses 0. This situation would be unusual. The Class A range is It is always safe to use them because routers on the Internet never forward packets coming from these addresses. The Class B range of IP addresses starts with address IP addresses The Class B range is It is always safe to use these addresses because routers on the Internet never forward packets coming from these addresses.

The Class C range of IP addresses starts at address The Class C range is The Class D IP addresses range from Allocation of Class D addresses is required only if you want to be a multicast source.

You can still receive multicast data without needing a separate Class D address. The IP address A number of well-known ports 0— are used by different services on computers.

The following ports and associated protocols are the most important ones to remember for the certification exam: