Microsoft 70-680 Exam Questions – Network Connectivity

QUESTION 1
Your network consists of an Active Directory domain and a DirectAccess infrastructure. You install Windows 7 on a new portable computer and join the computer to the domain. You need to ensure that the computer can establish DirectAccess connections.
What should you do?

A. Install a computer certificate.
B. Create a new network connection.
C. Enable the Network Discovery firewall exception.
D. Add the computer account to the Network Configuration Operators group.

Correct Answer: A
Section: Network connectivity
Explanation

Explanation/Reference:

Certificates
The DirectAccess IPsec session is established when the client running Windows 7 and the DirectAccess server authenticate with each other using computer certificates. DirectAccess supports only certificate-based authentication.

DirectAccess Client Configuration
Clients receive their DirectAccess configuration through Group Policy. This differs from traditional VPN configuration, where connections are configured manually or distributed through the Connection Manager Administration Kit. Once you have added the computer's client account to the designated security group, you need to install a computer certificate on the client for the purpose of DirectAccess authentication. An organization needs to deploy Active Directory Certificate Services so that clients can automatically enroll with the appropriate certificates.

QUESTION 2
Your network contains a wireless access point. You have a computer that runs Windows 7.

The computer connects to the wireless access point. You disable Service Set Identifier (SSID) broadcasts on the wireless access point.

You discover that you are now unable to connect to the wireless access point from the Windows 7 computer.

You need to ensure that the computer can connect to the wireless access point. What should you do?
A. From Credential Manager, modify the generic credentials.
B. From Credential Manager, modify the Windows credentials.
C. From Network and Sharing Center, turn on Network discovery.
D. From Network and Sharing Center, modify the wireless network connection settings.

Correct Answer: D
Section: Network connectivity
Explanation

Explanation/Reference:

Wireless Network Connection settings
To connect to a wireless network that does not broadcast its SSID, you need to know details such as the network name and security type. In Network And Sharing Center, you click Set Up A Connection Or Network, click Manually Connect To A Wireless Network, and click Next. You are prompted for the network name and security type and (if appropriate) encryption type and security key. Alternatively, you can open an elevated command prompt and enter a command with the following syntax:

netsh wlan connect name=<profile_name> ssid=<network_ssid> [interface=<interface_name>]

Since the computer has previously been connected, just modify the settings.

NOT Network Discovery
Network Discovery allows the client running Windows 7 to locate other computers and devices on the network. It also makes the client visible to other computers on the network. Disabling Network Discovery does not turn off other forms of sharing.

NOT Credential Manager
Credential Manager stores logon user names and passwords for network resources, including file servers, Web sites, and terminal services servers. Credential Manager stores user name and password data in the Windows Vault. You can back up the Windows Vault and restore it on other computers running Windows 7 as a method of transferring saved credentials from one computer to another. Although Credential Manager can be used to back up some forms of digital certificates, it cannot be used to back up and restore the self-signed Encrypting File System (EFS) certificates that Windows 7 generates automatically when you encrypt a file. For this reason, you must back up EFS certificates using other tools. You will learn about backing up EFS certificates later in this lesson.

QUESTION 3
You have a computer named Computer1 that runs Windows 7.

You need to ensure that Computer1 can connect to File Transfer Protocol (FTP) servers only while it is connected to a private network.

What should you do?

A. From Windows Firewall with Advanced Security, create a new rule.
B. From the local Group Policy, modify the application control policies.
C. From Windows Firewall, modify the Allowed Programs and Features list.
D. From Network and Sharing Center, modify the Advanced Sharing settings.

Correct Answer: A
Section: Network connectivity
Explanation

Explanation/Reference:

Creating WFAS Rules
The process for configuring inbound rules and outbound rules is essentially the same:
In the WFAS console, select the node that represents the type of rule that you want to create and then click New Rule. This opens the New Inbound (or Outbound) Rule Wizard. The first page, shown in Figure 7-7, allows you to specify the type of rule that you are going to create. You can select between a program, port, predefined, or custom rule. The program and predefined rules are similar to what you can create using Windows Firewall. A custom rule allows you to configure a rule based on criteria not covered by any of the other options. You would create a custom rule if you wanted a rule that applied to a particular service rather than a program or port. You can also use a custom rule if you want to create a rule that involves both a specific program and a set of ports. For example, if you wanted to allow communication to a specific program on a certain port but not other ports, you would create a custom rule.
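The same kind of rule can be created from an elevated prompt with netsh instead of the wizard. The following is an added example, not part of the original explanation; it assumes the WFAS default outbound policy (Allow), assumes FTP uses its standard control port TCP 21, and the rule name is made up for illustration.

```powershell
# Added example. Run from an elevated PowerShell prompt on Computer1.

# Assumed rule name, chosen for this illustration only.
$ruleName = 'Block outbound FTP outside Private profile'

# 1. Confirm the default outbound policy. With the default (AllowOutbound),
#    FTP is permitted on every profile until a block rule says otherwise.
netsh advfirewall show allprofiles firewallpolicy

# 2. Block outbound FTP control traffic (TCP 21, assumed standard port) on the
#    Domain and Public profiles. The Private profile is left untouched, so FTP
#    keeps working only while the active network is classified as Private.
#    The profile argument is quoted so PowerShell does not split it at the comma.
netsh advfirewall firewall add rule name="$ruleName" dir=out action=block protocol=TCP remoteport=21 'profile=domain,public'

# 3. Verify the rule and check which profile is currently active.
netsh advfirewall firewall show rule name="$ruleName"
netsh advfirewall show currentprofile

# To undo the change:
# netsh advfirewall firewall delete rule name="$ruleName"
```

If the outbound default has been changed to Block, the logic inverts: create an allow rule scoped to `profile=private` instead.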

QUESTION 4
You have a wireless access point that is configured to use Advanced Encryption Standard (AES) security. A pre-shared key is not configured on the wireless access point.

You need to connect a computer that runs Windows 7 to the wireless access point. Which security setting should you select for the wireless connection?
A. 802.1x
B. WPA-Personal
C. WPA2-Enterprise
D. WPA2-Personal

Correct Answer: C
Section: Network connectivity
Explanation

Explanation/Reference:

WPA and WPA2 indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. WPA2 enhances WPA, which in turn addresses weaknesses in the previous system, WEP. WPA was intended as an intermediate measure to take the place of WEP while an IEEE 802.11i standard was prepared. 802.1X provides port-based authentication, which involves communications between a supplicant (a client computer), an authenticator (a wired Ethernet switch or WAP), and an authentication server (typically a Remote Authentication Dial In User Service, or RADIUS, server).

WPA2-Enterprise
WPA-Enterprise and WPA2-Enterprise authenticate through the Extensible Authentication Protocol (EAP) and require computer security certificates rather than PSKs. The following EAP types are included in the certification program:

EAP-TLS
EAP-TTLS/MSCHAPv2
PEAPv0/EAP-MSCHAPv2
PEAPv1/EAP-GTC
EAP-SIM

If you want to use AES and to use computer certificates rather than a PSK, you would choose WPA2-Enterprise.

WPA2-Personal
If you have a small network that is not in a domain and cannot access a CA server, but you install a modern WAP that supports AES, you would use WPA2-Personal (with a PSK).

WPA-Personal
If you have a small network that is not in a domain and cannot access a CA server and your WAP does not support AES, you would use WPA-Personal.

802.1x
If you have a RADIUS server on your network to act as an authentication server and you want the highest possible level of security, you would choose 802.1X.

QUESTION 5
You have two computers named Computer1 and Computer2 that run Windows 7.

You need to ensure that you can remotely execute commands on Computer2 from Computer1. What should you do?
A. Run Winrm quickconfig on Computer1.
B. Run Winrm quickconfig on Computer2.
C. Enable Windows Remote Management (WinRM) through Windows Firewall on Computer1.
D. Enable Windows Remote Management (WinRM) through Windows Firewall on Computer2.

Correct Answer: B
Section: Network connectivity
Explanation

Explanation/Reference:

Windows Remote Management Service
The Windows Remote Management service allows you to execute commands on a remote computer, either from the command prompt using WinRS or from Windows PowerShell. Before you can use WinRS or Windows PowerShell for remote management tasks, it is necessary to configure the target computer using the WinRM command. To configure the target computer, you must run the command WinRM quickconfig from an elevated command prompt. Executing WinRM quickconfig does the following:

Starts the WinRM service
Configures the WinRM service startup type to delayed automatic start
Configures the LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users
Configures the WinRM listener on http://* to accept WS-Man requests
Configures the WinRM firewall exception
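
Each of the changes listed above widens the remote-management surface of the target, so it is worth confirming what is actually in place after running the command. The following audit script is an added example, not part of the original explanation; the firewall rule display name is assumed to be the default English one.

```powershell
# Added example. Run from an elevated PowerShell prompt on the target
# computer (Computer2 in the question) after "winrm quickconfig".

# 1. Service state and startup type. DelayedAutoStart = 1 together with
#    StartMode = Auto corresponds to "Automatic (Delayed Start)".
$svc = Get-WmiObject Win32_Service -Filter "Name='WinRM'"
$svcKey = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\WinRM' -ErrorAction SilentlyContinue
"WinRM service: State={0} StartMode={1} DelayedAutoStart={2}" -f `
    $svc.State, $svc.StartMode, $svcKey.DelayedAutoStart

# 2. LocalAccountTokenFilterPolicy. A value of 1 means local administrator
#    accounts receive a full administrative token over the network.
$polKey = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
if ($polKey.LocalAccountTokenFilterPolicy -eq 1) {
    "LocalAccountTokenFilterPolicy = 1 (remote local admins are not filtered)"
} else {
    "LocalAccountTokenFilterPolicy is not set to 1"
}

# 3. Listeners. quickconfig creates an HTTP listener on all addresses;
#    check the Transport and Address values in the output.
winrm enumerate winrm/config/listener

# 4. Firewall exception. The rule name below is an assumption (default
#    English display name); adjust it on localized systems.
netsh advfirewall firewall show rule name="Windows Remote Management (HTTP-In)"
```

Once the target is configured, a command such as `winrs -r:Computer2 ipconfig` run on Computer1 confirms that remote execution works.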

QUESTION 6
You have a computer that runs Windows 7.

The computer connects to the corporate network by using a VPN connection.

You need to ensure that you can access the Internet when the VPN connection is active. The solution must prevent Internet traffic from being routed through the VPN connection.

What should you do?

A. Configure a static DNS server address.
B. Configure a static IP address and default gateway.
C. Configure the security settings of the VPN connection.
D. Configure the advanced TCP/IP settings of the VPN connection.

Correct Answer: D
Section: Network connectivity
Explanation

Explanation/Reference:

To prevent the default route from being created
In the properties of the TCP/IP protocol of the dial-up connection object, in the Advanced TCP/IP Settings dialog box, click the General tab, and then clear the Use default gateway on remote network check box.

QUESTION 7
You have a computer that runs Windows 7.

The IPv6 address of the computer is configured automatically. You need to identify the IPv6 address of the computer.
What should you do?

A. At the command prompt, run Netstat.
B. At the command prompt, run Net config.
C. From the network connection status, click Details.
D. From network connection properties, select Internet Protocol Version 6 (TCP/IPv6) and click Properties.

Correct Answer: C
Section: Network connectivity
Explanation

Explanation/Reference:

You can view a list of all the connection interfaces (wired and wireless) on a computer by opening Network And Sharing Center and clicking Change Adapter Settings. You can right-click any network connection and select Status. If you click Details on the Local Area Connection Status dialog box, you access the Network Connection Details information box.

You can configure wireless connection behavior by clicking Change Adapter Settings in Network And Sharing Center, right-clicking your wireless adapter, and clicking Status. Clicking Details on the Status dialog box displays the adapter configuration.

QUESTION 8
Your network consists of a single IPv4 subnet. The subnet contains 20 computers that run Windows 7. You add a new computer named Computer1 to the subnet.
You discover that Computer1 has an IP address of 169.254.34.12.

You cannot connect to other computers on the network. Other computers on the network can connect to each other.

You need to ensure that you can connect to all computers on the network. What should you do?

A. Turn off Windows Firewall.
B. Run Ipconfig.exe /renew.
C. Configure a static TCP/IP address.
D. Run Netsh.exe interface ipv4 install.

Correct Answer: C
Section: Network connectivity
Explanation

Explanation/Reference:

Configuring static IP addresses
When you assign a static IP address, you need to tell the computer the IP address you want to use, the subnet mask for this IP address, and, if necessary, the default gateway to use for internetwork communications. An IP address is a numeric identifier for a computer. IP addressing schemes vary according to how your network is configured, but they're normally assigned based on a particular network segment.

QUESTION 9
Your network consists of an Active Directory domain named contoso.com. You have a computer named computer1.contoso.com.
Your network is configured to use only IPv6. You need to request that a DNS record be created to enable users to connect to your computer by using the name dev.contoso.com.
Which type of record should you request?
A. A
B. AAAA
C. HINFO
D. NAPTR

Correct Answer: B
Section: Network connectivity
Explanation

Explanation/Reference:

The resolution of host names to IPv6 addresses is accomplished through DNS (apart from link-local addresses that are not stored by DNS and resolve automatically). The procedure is the same as for IPv4 address resolution with the computer name and IPv6 address pair being stored in a AAAA (quad-A) DNS resource record, which is equivalent to an A or host record for IPv4. Reverse DNS lookup that returns a computer name for an IPv6 address is implemented by a pointer (PTR) DNS resource record that is referred to the IPv6 reverse lookup zone (or tree) ipv6.arpa, which is the equivalent of the in-addr.arpa reverse lookup zone in IPv4.

AAAA
An AAAA (quad-A) resource record resolves a host name to an IPv6 address.

A
An A (address) resource record resolves a host name to an IPv4 address.

HINFO
Host information (HINFO) resource record. Specifies the type of CPU and operating system in the cpu_type and os_type fields, respectively, for the host DNS domain name in the owner field. Well-known CPU and operating system types that are most often used are noted in RFC 1700. This information can be used by application protocols such as FTP, which use special procedures when communicating with computers of a known CPU and operating system type.

NAPTR
The NAPTR represents a Naming Authority Pointer. NAPTR records map between sets of URNs, URLs and plain domain names and suggest to clients what protocol should be used to talk to the mapped resource. Each NAPTR record contains a service name, a set of flags, a regexp rule, an order value, a preference and a replacement. Multiple records can be chained together in a cascade to rewrite URIs in fairly sophisticated, but deterministic ways. These cascading rules have been standardized in RFC2915 and RFC3403.

QUESTION 10
You have a computer that runs Windows 7.

Your network contains a VPN server that runs Windows Server 2008. You need to authenticate to the VPN server by using a smart card. Which authentication setting should you choose?
A. CHAP
B. EAP
C. MS-CHAP v2
D. PAP

Correct Answer: B
Section: Network connectivity
Explanation

Explanation/Reference:

VPN Server Software Requirements
VPN server software requirements for smart card access are relatively straightforward. The remote access servers must run Windows 2000 Server or later, have Routing and Remote Access enabled, and must support Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).

EAP-TLS is a mutual authentication mechanism developed for use in conjunction with security devices, such as smart cards and hardware tokens. EAP-TLS supports Point-to-Point Protocol (PPP) and VPN connections, and enables exchange of shared secret keys for MPPE, in addition to IPsec.

The main benefits of EAP-TLS are its resistance to brute-force attacks and its support for mutual authentication. With mutual authentication, both client and server must prove their identities to each other. If either client or server does not send a certificate to validate its identity, the connection terminates.

Microsoft Windows Server™ 2003 supports EAP-TLS for dial-up and VPN connections, which enables the use of smart cards for remote users. For more information about EAP-TLS, see the Extensible Authentication Protocol (EAP) topic at www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/auth_eap.mspx.

For more information about EAP certificate requirements, see the Microsoft Knowledge Base article “Certificate Requirements when you use EAP-TLS or PEAP with EAP-TLS” at http://support.microsoft.com/default.aspx?scid=814394.