Microsoft Windows Server 2016 Certification: Exam 70-741 Set 3

You are the administrator for your company network. Your network contains an Active Directory forest. The forest contains two domains named abc.com and xyz.com. The company recently deployed DirectAccess for the members of a group named DA_Computers. All client computers are members of DA_Computers. You discover that DirectAccess clients can access the resources located in the abc.com domain only. The clients can access the resources in the xyz.com domain by using an L2TP VPN connection to the network. What should you do if you need to ensure that the DirectAccess clients can access the resources in the xyz.com domain?


Options are :

  • Configure the Delegation settings from the properties of the servers in xyz.com.
  • Create a zone delegation for xyz.com on an external DNS server.
  • Modify the Name Resolution Policy Table (NRPT) from a Group Policy Object (GPO).
  • Add the servers in xyz.com to the RAS and IAS Servers group.

Answer : Modify the Name Resolution Policy Table (NRPT) from a Group Policy Object (GPO).

You are the administrator for your company network. You have a Windows Server 2016 Remote Access server named Server1 that has DirectAccess enabled. You have a proxy server named Server2. All computers on the internal network connect to the Internet by using the proxy. You run the cmdlet Set-DAClient -forceTunnel Enabled on Server1. Which cmdlet should you run on Server1 if you need to ensure that when a DirectAccess client connects to the network the client accesses all the Internet resources through the proxy?


Options are :

  • Set-DAEntryPoint
  • Set-DnsClientGlobalSetting
  • Set-DnsClientNrptGlobal
  • Set-DnsClientNrptRule

Answer : Set-DAEntryPoint

Microsoft Windows Server 2016 Certification: Exam 70-741 Set 6

You are the administrator for your company network. You are discussing Remote Access Service (RAS) Gateway modes with a colleague. Which mode are you describing here? Deploy the RAS Gateway as an edge VPN server, an edge DirectAccess server, or both simultaneously. In this configuration, RAS Gateway provides remote employees with connectivity to your network by using either VPN or DirectAccess connections.


Options are :

  • Multitenant mode
  • Single tenant mode
  • Unattached tenant mode
  • Remote tenant mode

Answer : Single tenant mode

You are the administrator for your company network. Your company has a main office and has 1,000 users who are located in other countries. You plan to deploy a large Remote Access solution for the company. The main office has three Windows Server 2016 servers named Server1, Server2, and Server3. You plan to use Server1 as a VPN server, Server2 as a RADIUS proxy, and Server3 as a RADIUS server. What actions should you perform on Server2 if you need to configure Server2 to support the planned deployment? (Choose three.)


Options are :

  • Add a RADIUS client.
  • Create a connection request policy.
  • Create a network policy.
  • Create a remote RADIUS server group.
  • Deploy a Windows container.

Answer : Add a RADIUS client. Create a connection request policy. Create a remote RADIUS server group.

You are the administrator for your company network. Your network contains an Active Directory forest that has a functional level of Windows Server 2012. The forest contains five domain controllers and five VPN servers that run Windows Server 2016. The VPN server has 500 users who connect daily. What should you do first if you need to configure a new RADIUS server named Server1?


Options are :

  • Deploy the Remote Access server role on Server1.
  • Set the forest functional level to Windows Server 2016 on a domain controller.
  • Deploy the Network Policy and Access Services role on Server1.
  • Run the New-NpsRadiusClient cmdlet on each VPN server.

Answer : Deploy the Network Policy and Access Services role on Server1.

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 2

You are the administrator for your company network. Your company has 5,000 remote users. You have 40 VPN servers that host the remote connections. You plan to deploy a RADIUS solution that contains five RADIUS servers. What should you do if you need to ensure that client authentication requests are distributed evenly among the RADIUS servers?


Options are :

  • Install the Network Load Balancing (NLB) role service on all of the RADIUS servers and configure all of the RADIUS clients to connect to a virtual IP address.
  • Deploy a RADIUS proxy to a new server and configure all of the RADIUS clients to connect to the RADIUS proxy.
  • Deploy a RAS Gateway to a new server and configure all of the RADIUS clients to connect to the RAS Gateway.
  • Install the Failover Clustering role service on all of the RADIUS servers and configure all of the RADIUS clients to connect to the IP address of the cluster.

Answer : Deploy a RADIUS proxy to a new server and configure all of the RADIUS clients to connect to the RADIUS proxy.

You are the administrator for your company network. You have multiple servers that run Windows Server 2016 and are configured as VPN servers. You deploy a Network Policy Server (NPS) server named NPS1. What should you configure on NPS1 so that it will accept authentication requests from the VPN servers?


Options are :

  • Add a connection request policy from Policies.
  • Add a remote RADIUS server group from RADIUS Clients and Servers.
  • Add RADIUS clients from RADIUS Clients and Servers.
  • Add a network policy from Policies.

Answer : Add RADIUS clients from RADIUS Clients and Servers.

You are the administrator for your company network. Your company has a Sales department. The network contains an Active Directory domain. The domain contains two toplevel organizational units (OUs) named Sales_Computers, which contains the computer accounts, and Sales_Users, which contains the user accounts. You link a new Group Policy Object (GPO) named GPO1 to Sales_Computers. You need to deploy a VPN connection to all of the users who sign in to the Sales department computers. The users must be placed where?


Options are :

  • Computer Configuration/Policies/Administrative Templates/Network/Network Connections
  • Computer Configuration/Preferences/Control Panel Settings/Network Options
  • User Configuration/Preferences/Control Panel Settings/Network Options
  • User Configuration/Policies/Administrative Templates/Network/Network Connections

Answer : User Configuration/Preferences/Control Panel Settings/Network Options

Microsoft 70-647 Windows Enterprise Administrator Exam Set 10

You are the administrator for your company network. The company has employees who work remotely by using a VPN connection from their computers. These employees use an application to access the company intranet database servers. The company recently decided to distribute the latest version of the application using a public cloud. Some users report that every time they try to download the application by using Internet Explorer they receive a warning message that indicates the application could harm their computer. What should you do if you need to recommend a solution that prevents this warning message from appearing, without compromising the security protection of the computers?


Options are :

  • Use the intranet website to publish the application.
  • Use the Windows Store to publish the application.
  • Use a public File Transfer Protocol (FTP) site to publish the application.
  • Using the Internet Explorer settings, instruct the employees to disable the SmartScreen Filter.

Answer : Use the intranet website to publish the application.

You are the administrator for your company network. Which Control Panel application should you use if you need to change the password used for an L2TP VPN connection?


Options are :

  • Credential Manager
  • System
  • Network and Sharing Center
  • Phone and Modem
  • Power Options
  • RemoteApp and Desktop Connections
  • Sync Center
  • Work Folders

Answer : Network and Sharing Center

You are the administrator for your company network. Your company has 100 client computers. The client computers are connected to a corporate private network. You deploy a Remote Desktop Gateway, DirectAccess, and a VPN server at the main office. Users are currently unable to connect from their home computers to their work computers by using Remote Desktop. You need to ensure that users can remotely connect to their office computers by using Remote Desktop. What should you configure if the users must not be able to access any other corporate network resource from their home computers?


Options are :

  • A VPN connection
  • The Remote Desktop Gateway IP address in the advanced Remote Desktop Connection settings on each client
  • The local resource settings of the Remote Desktop connection
  • A DirectAccess connection

Answer : The Remote Desktop Gateway IP address in the advanced Remote Desktop Connection settings on each client

70-646 Pro Windows Server 2008,Server Administrator Test Set 2

You are the administrator for your company network. Your network contains a single Active Directory domain. The domain contains a VPN server that supports all of the VPN protocols. A user named Sue works from home and has a desktop computer. She has an application named App1 that requires access to a server on the corporate network. She creates a VPN connection on the computer. What should you do if you need to ensure that, when Sue opens App1, she can access the required data?


Options are :

  • Click Turn on Password Protected Sharing.
  • Disable Network Discovery.
  • Modify the Profile settings of an incoming firewall rule.
  • Run the Add-VpnConnectionTriggerApplication cmdlet.
  • Run the New-NetFirewallRule cmdlet and specify the -Direction Outbound parameter.
  • Run the New-VpnConnection cmdlet.
  • Run the Set-NetConnectionProfile cmdlet.
  • Run the Set-VpnConnection cmdlet.

Answer : Run the Add-VpnConnectionTriggerApplication cmdlet.

You are the administrator for your company network. Your network contains a single Active Directory domain. The domain contains a VPN server that supports all of the VPN protocols. A user named User1 creates an SSTP VPN connection to a network named VPN1. User1 successfully connects to the VPN server. When the user roams between different Wi-Fi access points, the user loses the connection to the corporate network and must manually reestablish the VPN connection. What should you do if you need to ensure that VPN1 automatically maintains the connection while the user roams between Wi-Fi access points?


Options are :

  • Click Turn on Password Protected Sharing.
  • Disable Network Discovery.
  • Modify the Profile settings of an incoming firewall rule.
  • Run the Add-VpnConnection Trigger Application cmdlet.
  • Run the New-NetFirewallRule cmdlet and specify the -Direction Outbound parameter.
  • Run the New-VpnConnection cmdlet.
  • Run the Set-NetConnectionProfile cmdlet.
  • Run the Set-VpnConnection cmdlet.

Answer : Run the Set-VpnConnection cmdlet.

You are the administrator for your company network. Your network contains a single Active Directory domain. The domain contains a VPN server that supports all of the VPN protocols. You have mobile devices and have a VPN connection to the VPN server. What should you do if you need to ensure that when users work remotely they can connect to the VPN, and that only traffic for the corporate network is sent through the VPN server?


Options are :

  • Click Turn on Password Protected Sharing.
  • Disable Network Discovery.
  • Modify the Profile settings of an incoming firewall rule.
  • Run the Add-VpnConnection Trigger Application cmdlet.
  • Run the New-NetFirewallRule cmdlet and specify the -Direction Outbound parameter.
  • Run the New-VpnConnection cmdlet.
  • Run the Set-NetConnectionProfile cmdlet.
  • Run the Set-VpnConnection cmdlet.

Answer : Run the Set-VpnConnection cmdlet.

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 6

You are the administrator for your company network. A user connects to a wireless network and receives the following message: “Do you want to allow your PC to be discoverable by other PCs and devices on this network?” The user clicks No. The user is unable to browse to the shared folders of other computers on the network by using File Explorer. What should you do if you need to ensure that the user can browse to the other computers?


Options are :

  • Click Turn on Password Protected Sharing.
  • Disable Network Discovery.
  • Modify the Profile settings of an incoming firewall rule.
  • Run the Add-VpnConnection Trigger Application cmdlet.
  • Run the New-NetFirewallRule cmdlet and specify the -Direction Outbound parameter.
  • Run the New-VpnConnection cmdlet.
  • Run the Set-NetConnectionProfile cmdlet.
  • Run the Set-VpnConnection cmdlet.

Answer : Run the Set-NetConnectionProfile cmdlet.

You are the administrator for your company network. Your network contains a single Active Directory domain. What should you do if you need to prevent computers from connecting to hosts on subnet 131.107.0.0/24?


Options are :

  • Click Turn on Password Protected Sharing.
  • Disable Network Discovery.
  • Modify the Profile settings of an incoming firewall rule.
  • Run the Add-VpnConnection Trigger Application cmdlet.
  • Run the New-NetFirewallRule cmdlet and specify the -Direction Outbound parameter.
  • Run the New-VpnConnection cmdlet.
  • Run the Set-NetConnectionProfile cmdlet.
  • Run the Set-VpnConnection cmdlet.

Answer : Run the New-NetFirewallRule cmdlet and specify the -Direction Outbound parameter.

You are the administrator for your company network. You have a Windows Server 2016 server named Server1. What should you install on Server1 if you need to configure Server1 as a multitenant RAS Gateway?


Options are :

  • The Network Controller server role
  • The Network Policy and Access Services server role
  • The Data Center Bridging feature
  • The Remote Access server role

Answer : The Remote Access server role

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 3

You are the administrator for your company network. You are planning to implement a VPN. You currently have the following servers: ? DC1 – Domain Controller and DNS Server ? FS1 – DHCP Server and File Server ? RA1 – Remote Access Server ? RS1 – Network Policy Server (NPS) Server ? RP1 – Network Policy Server (NPS) Server RA1 will use the RADIUS proxy for authentication. You need to ensure that VPN clients can be authenticated and can access internal resources. What actions should you perform if you need to ensure that RS1 is used as a RADIUS server and RP1 is used as a RADIUS proxy? (Choose two.)


Options are :

  • On RS1, create a connection request policy.
  • On RP1, create a connection request policy
  • On FS1, create a network policy.
  • On RS1, delete the default connection request policy.
  • On RP1, create a network policy.

Answer : On RP1, create a connection request policy On RS1, delete the default connection request policy.

You are the administrator for your company network. You support desktop computers and tablets that run an older version of Windows. All of the computers are able to connect to your company network from the Internet by using DirectAccess. Your company wants to deploy a new application to the tablets. The deployment solution must meet the following requirements: ? The application is isolated from other applications. ? The application uses the least amount of disk space on the tablet. ? The application can access files stored on an internal Solid State Drive (SSD) on the tablets. What should you do if you need to deploy the new application to the tablets?


Options are :

  • Install the application in a Windows To Go workspace.
  • Install Hyper-V on a tablet and then install the application on a virtual machine.
  • Deploy the application as an Application Virtualization (App-V) package and install the App-V 4.6 client on the tablets.
  • Install the application on a local drive on the tablets.
  • Publish the application to Windows Store.
  • Install the application within a separate installation in a virtual hard disk (VHD) file and then configure the tablets with dual boot.
  • Deploy the application as a published application on the Remote Desktop server and create a Remote Desktop connection on the tablets.
  • Install the application within a separate installation in a VHDX file and then configure tablets with dual boot.

Answer : Deploy the application as a published application on the Remote Desktop server and create a Remote Desktop connection on the tablets.

You are the administrator for your company network. You have a Windows Server 2016 server named Server1 that is configured as a VPN server. Server1 is configured to allow domain users to establish VPN connections from 6:00 a.m. to 6:00 p.m. every day of the week. What should you do if you need to ensure that domain users can establish VPN connections Monday through Friday only?


Options are :

  • Configure the Properties of Server1 from Routing and Remote Access.
  • Modify the Access Policies on Server1 from Server Manager.
  • Modify the Dial-in Properties of the computer accounts from Active Directory Users and Computers.
  • Modify the Network Policy on Server1 from Network Policy Server.

Answer : Modify the Access Policies on Server1 from Server Manager.

70-662 Microsoft Exchange Server 2010 Configuring Exam Set 1

You are the administrator for your company network. You have a DirectAccess server that is accessible by using the name directaccess.abc.com. On the DirectAccess server you install a new server certificate that has the same subject name. You then configure the DNS records for directaccess.abc.com. What cmdlet should you run if you need to change the endpoint name for DirectAccess to directaccess.abc.com?


Options are :

  • Set-DaServer -ConnectToAddress directaccess.abc.com
  • Set-DaEntryPoint -EntrypointName directaccess.abc.com
  • Set-DaEntryPoint -ComputerName directaccess.abc.com
  • Set-DaClient -ComputerName directaccess.abc.com

Answer : Set-DaClient -ComputerName directaccess.abc.com

You are the administrator for your company network. You are deploying DirectAccess to a server named DirectAccess1. DirectAccess1 will be located behind a firewall and will have a single network adapter. The network will be IPv4. To support DirectAccess, what protocol and port would you assign to Teredo traffic?


Options are :

  • Internet Protocol (IP) ID 1
  • Internet Protocol (IP) ID 41
  • Transmission Control Protocol (TCP) 443
  • User Datagram Protocol (UDP) 3544

Answer : User Datagram Protocol (UDP) 3544

You are the administrator for your company network. You are deploying DirectAccess to a server named DirectAccess1. DirectAccess1 will be located behind a firewall and will have a single network adapter. The network will be IPv4. To support DirectAccess, what protocol and port would you assign to 6to4 traffic?


Options are :

  • Internet Protocol (IP) ID 1
  • Internet Protocol (IP) ID 41
  • Transmission Control Protocol (TCP) 443
  • User Datagram Protocol (UDP) 3544

Answer : Internet Protocol (IP) ID 41

Microsoft 70-642 Windows Server Network Infrastructure Exam Set 7

You are the administrator for your company network. You are deploying DirectAccess to a server named DirectAccess1. DirectAccess1 will be located behind a firewall and will have a single network adapter. The network will be IPv4. To support DirectAccess, what protocol and port would you assign to IP-HTTPS traffic?


Options are :

  • Internet Protocol (IP) ID 1
  • Internet Protocol (IP) ID 41
  • Transmission Control Protocol (TCP) 443
  • User Datagram Protocol (UDP) 3544

Answer : Transmission Control Protocol (TCP) 443

You are the administrator for your company network. Your network contains an Active Directory domain. The functional level of the domain is Windows Server 2012. The network uses an address space of 192.168.0.0/16 and contains multiple subnets. The network is not connected to the Internet. The domain contains three servers: ? Server1—Domain Controller and DNS Server ? Server2—Member Server ? Server3—DHCP Server Client computers obtain their TCP/IP settings from Server3. You add a second network adapter to Server2. You connect the new network adapter to the Internet. You install the Routing role service on Server2. Server1 has four DNS zones configured: DNS Zone Name            Type                                         Zone Filename abc.com                            Active-Directory Integrated        None xyz.com                            Primary                                          xyz.com.dns lmn.com                          Primary                                          lmn.com.dns 168.192.in-addr.arpa    Primary                                         168.192.in-addr.arpa.dns You want to enable Server2 as a NAT server. What should you do?


Options are :

  • Run the Install-WindowsFeature cmdlet.
  • Run the New-RoutingGroupConnector cmdlet.
  • Add an interface from Routing and Remote Access.
  • Add an interface from Routing and Remote Access.

Answer : Add an interface from Routing and Remote Access.

You are the administrator for your company network. You are configuring the network for a small branch office. Currently, the branch office does not connect directly to the Internet. You deploy a new server named Server1, in the branch office, that has a Server Core installation of Windows Server 2016. Server1 has two network adapters configured as: Network Adapter Name         IP Address              Connects To NIC1                                             192.168.1.1/24         The branch office network NIC2                                            131.107.10.1/29        The Internet You plan to use Server1 to provide Internet connectivity for the branch office. Routing and Remote Access Service (RRAS) is installed and configured for VPN remote access on Server1. What command or cmdlet should you use first if you need to configure RRAS on Server1 to provide Network Address Translation (NAT)?


Options are :

  • New-NetNat NAT1 –ExternalIPInterfaceAddressPrefix 131.107.10.1/29
  • Route.exe add 192.168.1.1 255.255.255.0 131.107.10.1 metric 1
  • Enable-NetNatTransitionConfiguration
  • Netsh.exe routing ip nat install

Answer : Route.exe add 192.168.1.1 255.255.255.0 131.107.10.1 metric 1

70-247 Configuring and Deploying a Private Cloud Exam Set 2

You are the administrator for your company network. You have an internal network that contains multiple subnets. You have a Microsoft Azure subscription that contains multiple virtual networks. You need to deploy a hybrid routing solution between the network and the Azure subscription. The solution must ensure that the computers on all of the networks can connect to each other. You install RAS Gateway and enable Border Gateway Protocol (BGP) routing on the network and in Azure. What three actions should you perform next?


Options are :

  • Create a new route for each network.
  • Deploy a site-to-site VPN.
  • Advertise all of the routes on all of the BGP routers.
  • Deploy a point-to-site VPN
  • Install the Routing Information Protocol (RIP).
  • Configure BGP Peering.

Answer : Deploy a site-to-site VPN. Advertise all of the routes on all of the BGP routers. Configure BGP Peering.

You are the administrator for your company network. Your client computers use DirectAccess. What should you implement on the client computers if you need to ensure that the client computers can communicate to IPv4 resources by name?


Options are :

  • AAAA (Quad A) resource records
  • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  • NAT64/DNS64
  • Teredo relays
  • Teredo tunnels

Answer : NAT64/DNS64

You are the administrator for your company network. You and a colleague are discussing Border Gateway Protocol (BGP). What PowerShell cmdlet would you use to see the configuration information for your BGP routers?


Options are :

  • Add-BgpClient
  • Get-BgpRouter
  • Get-Router
  • Set-RouterClient

Answer : Get-BgpRouter

70-247 Configuring and Deploying a Private Cloud Exam Set 2

You are the administrator for your company network. What PowerShell cmdlet would you use if you need to see a list of client security groups that are a part of the DirectAccess deployment?


Options are :

  • Get-Client
  • Get-DAClient
  • Get-VpnClient
  • Get-RASClient

Answer : Get-DAClient

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions