You are on page 1of 12

70-411 Test Bank, Lesson 11 Configuring DirectAccess

15 Multiple Choice
6 Short Answer
3 Best Answer
3 Build List
4 Repeated Answer
31 questions

Multiple Choice
1. DirectAccess was introduced with which workstation/server pair?
a. Windows XP/Windows Server 2003
b. Windows Vista/Windows Server 2008
c. Windows 7/Windows Server 2008 R2
d. Windows 8/Windows Server 2012
Answer: c
Difficulty: Easy
Section Ref: Understanding DirectAccess
Explanation: DirectAccess, a new feature introduced with Windows 7 and Windows
Server 2008 R2, provides seamless intranet connectivity to DirectAccess client
computers when they are connected to the Internet.
2. What kind of connectivity does DirectAccess establish between workstation and
server?
a. uni-directional
b. bi-directional
c. PPTP
d. virtual private network (VPN)
Answer: b
Difficulty: Medium
Section Ref: Understanding DirectAccess
Explanation: DirectAccess overcomes the limitations of VPNs by automatically
establishing a bi-directional connection from client computers to the organizations
network.
3. What type of server is the network location server (NLS)?

a. DNS
b. DHCP
c. web
d. AD
Answer: c
Difficulty: Medium
Section Ref: Implementing Infrastructure Servers
Explanation: DirectAccess clients use the network location server (NLS) to
determine their locations. The network location server is an internal web server.
4. What does the acronym ISATAP stand for?
a. Industry Standard Architecture Tunnel Addressing Protocol
b. Industry Standard Architecture Tunnel Access Protocol
c. Intra-Site Automatic Tunnel Addressing Protocol
d. Inter-Site Automated Tunnel Addressing Protocol
Answer: c
Difficulty: Medium
Section Ref: Understanding DirectAccess
Explanation: The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is used
for automatic deployment of IPv6 on IPv4 sites.
5. What utility do you use to configure DirectAccess?
a. DNS Console
b. Active Directory Console
c. Remote Access Management Console
d. DirectAccess Console
Answer: c
Difficulty: Easy
Section Ref: Running the DirectAccess Getting Started Wizard
Explanation: To configure DirectAccess itself, you use the Remote Access
Management console, which enables you to configure DirectAccess using a visual
step-by-step wizard or wizards.
6. Windows Server 2012 varies from the Windows Server 2008 R2 implementation in
that it does not require which one of the following?
a. SQL Server
b. two consecutive public IP addresses
c. Hyper-V and a single virtual machine
d. a dedicated Internet connection
Answer: b

Difficulty: Medium
Section Ref: Understanding DirectAccess Server Requirements
Explanation: Implementation of DirectAccess in Windows Server 2012 and Windows
Server 2012 R2 does not require two consecutive static, public IPv4 addresses as
was required with Windows Server 2008 R2. However, to achieve two-factor
authentication with a smart card or Operational Data Provider (ODP) deployment,
the DirectAccess server still needs two public IP addresses.
7. What is the most basic requirement for a DirectAccess implementation?
a. The DirectAccess server must be part of a cluster.
b. The DirectAccess server must be highly available.
c. The DirectAccess server must also run DNS services.
d. The DirectAccess server must be part of an Active Directory domain.
Answer: d
Difficulty: Medium
Section Ref: Understanding DirectAccess Server Requirements
Explanation: The first requirement of DirectAccess is that the server must be part of
an Active Directory domain.
8. If the client cannot reach the DirectAccess server using 6to4 or Teredo tunneling,
the client tries to connect using what protocol?
a. IP-HTTPS
b. HTTP
c. DHCP
d. HTTPS
Answer: a
Difficulty: Medium
Section Ref: Looking at the DirectAccess Connection Process
Explanation: If the client cannot reach the DirectAccess server using 6to4 or Teredo
tunneling, the client tries to connect using the Internet Protocol over Secure
Hypertext Transfer Protocol (IP-HTTPS) protocol. IP-HTTPS uses a Secure Sockets
Layer (SSL) connection to encapsulate IPv6 traffic.
9. What does the netsh namespace show policy command do?
a. shows the DNS search order
b. displays the static routing table for a namespace
c. shows the NRPT rules as configured on the group policy
d. displays local DirectAccess security policy
Answer: c
Difficulty: Hard
Section Ref: Troubleshooting DirectAccess

Explanation: Use the netsh namespace show policy command to show the Name
Resolution Policy Table (NRPT) rules as configured on the group policy.
10. What does the netsh namespace show effectivepolicy command do?
a. shows the effective NRPT rules as configured on the group policy
b. shows the effective group rights for DirectAccess
c. explicitly displays the effective group policy rights for each user that has access
to DirectAccess
d. determines the results of network location detection and the IPv6 addresses of
the intranet DNS servers
Answer: d
Difficulty: Hard
Section Ref: Troubleshooting DirectAccess
Explanation: Use the netsh namespace show effectivepolicy command to
determine the results of network location detection and the IPv6 addresses of the
intranet DNS servers.
11. What kind of connectivity does DirectAccess provide between client computers
and network resources?
a. stable but limited
b. seamless and always on
c. active and firewalled
d. firewalled and passive
Answer: b
Difficulty: Medium
Section Ref: Understanding DirectAccess
Explanation: Different from the traditional virtual private network (VPN)
connections, DirectAccess connections are automatically established and they
provide always-on seamless connectivity.
12. DirectAccess is for clients connected to which network?
a. intranet
b. Internet
c. wired LAN
d. wireless LAN
Answer: b
Difficulty: Medium
Section Ref: Looking at the DirectAccess Connection Process
Explanation: The DirectAccess client computer determines whether it is connected
to the intranet. If the client is connected to the intranet, it does not use
DirectAccess.

13. How do the DirectAccess server and DirectAccess client authenticate each
other?
a. IPSec and PAP
b. PPTP and username/password
c. computer and user credentials
d. encrypted secret channel handshake
Answer: c
Difficulty: Hard
Section Ref: Looking at the DirectAccess Connection Process
Explanation: When the user logs on, the DirectAccess client establishes a second
IPsec tunnel to access intranet resources. The DirectAccess client and server
authenticate each other using a combination of computer and user credentials.
14. Which one of the following operating systems may not act as a DirectAccess
client?
a. Windows 7 Enterprise
b. Windows Server 2008
c. Windows Server 2008 R2
d. Windows 8
Answer: b
Difficulty: Medium
Section Ref: Understanding DirectAccess Client Requirements
Explanation: To use DirectAccess, the clients must be Windows 7 Enterprise Edition,
Windows 7 Ultimate Edition, Windows 8, Windows Server 2008 R2, Windows Server
2012, or Windows Server 2012 R2. You cannot deploy DirectAccess for Windows
Vista or earlier or for Windows Server 2008 or earlier.
15. In addition to meeting operating system requirements, a DirectAccess client
must be a member of what?
a. a DirectAccess client group
b. a NAP group
c. an AD domain
d. a fault-tolerant network segment
Answer: c
Difficulty: Medium
Section Ref: Understanding DirectAccess Client Requirements
Explanation: To use DirectAccess, the client must be joined to an Active Directory
domain.

Short Answer
16. Which two protocols does DirectAccess use for its connections?
Answer: IPsec and IPv6
Difficulty: Medium
Section Ref: Understanding DirectAccess
Explanation: DirectAccess overcomes the limitations of VPNs by automatically
establishing a bi-directional connection from client computers to the organizations
network using IPsec and Internet Protocol version 6 (IPv6).
17. DirectAccess uses IPv6. What if your organization hasnt adopted IPv6 yet? Can
you still use DirectAccess? If so, how?
Answer: Yes, by using a transitional technology such as 6to4 or Teredo IPv6
Difficulty: Medium
Section Ref: Understanding DirectAccess
Explanation: For organizations that have not deployed IPv6, you can use transition
mechanisms such as 6to4 and Teredo IPv6 transition technologies for connectivity
across the IPv4 Internet and the Intra-Site Automatic Tunnel Addressing (ISATAP)
IPv6 transition technology, so that DirectAccess clients can access IPv6-capable
resources across your IPv4-only intranet.
18. To use DirectAccess, you must have at least one domain controller running
which Windows version?
Answer: Windows Server 2008 SP2, Windows Server 2008 R2, Windows Server 2012,
or Windows Server 2012 R2
Difficulty: Medium
Section Ref: Understanding DirectAccess Server Requirements
Explanation: Refer to list of requirements for DirectAccess.
19. On the client (workstation) side of DirectAccess, you must be running which
Windows version?
Answer: Windows 7 Enterprise Edition, Windows 7 Ultimate Edition, or Windows 8
Difficulty: Medium
Section Ref: Understanding DirectAccess Client Requirements
Explanation: To use DirectAccess, the clients must be Windows 7 Enterprise Edition,
Windows 7 Ultimate Edition, Windows 8, Windows Server 2008 R2, Windows Server
2012, or Windows Server 2012 R2.
20. In Windows 8, the Direct Connectivity Assistant (DCA) was replaced by which
application?

Answer: The Network Connectivity Assistant (NCA), which is included with the
operating system
Difficulty: Hard
Section Ref: Implementing Client Configuration
Explanation: In Windows 8, the DCA was replaced by the Network Connectivity
Assistant (NCA). Although the DCA has to be downloaded from Microsoft, the NCA is
included in the Windows 8 operating system, and installation and deployment are
not required.
21. What command do you issue to remove ISATAP from the DNS global query block
list?
Answer: dnscmd /config /globalqueryblocklist isatap
Difficulty: Hard
Section Ref: Configuring DNS for DirectAccess
Explanation: To remove ISATAP from the DNS global query block list, execute the
following at a command prompt: dnscmd /config /globalqueryblocklist isatap

Best Answer
22. Unlike traditional VPN connections, DirectAccess connections are established
automatically and provide what kind of connectivity?
a. on-demand
b. TCP/IP initiated
c. WAN-to-LAN
d. always on and seamless
Answer: d
Difficulty: Medium
Section Ref: Understanding DirectAccess
Explanation: Different from traditional VPN connections, DirectAccess connections
are automatically established and they provide always-on seamless connectivity.
23. What is the best reason for deploying DirectAccess connectivity for remote
users?
a. Remote users computers can be easily managed and kept up to date.
b. Remote users computers connect automatically.
c. Remote computers connect via encrypted links over the Internet.
d. Remote users can access corporate resources.
Answer: a
Difficulty: Medium

Section Ref: Understanding DirectAccess


Explanation: DirectAccess clients can access IPv6-capable resources across your
IPv4-only intranet. As a result, remote client computers are automatically connected
to the organizations network so that they can be easily managed and kept up to
date with critical updates and configuration changes.
24. Which one of the Remote Access Management interfaces gives you the most
control?
a. the Remote Access Management console
b. the Run the Getting Started Wizard
c. the Run the Remote Access Setup Wizard
d. the command-line dnscmd.exe command
Answer: c
Difficulty: Medium
Section Ref: Running the Remote Access Setup Wizard
Explanation: For more control, you can use the Run the Remote Access Setup Wizard
instead.
The Run the Remote Access Setup Wizard breaks the installation to the following
steps: Remote Clients, Remote Access Server, Infrastructure Servers, and
Application Servers.

Build List
25. Order the following steps required to configure DirectAccess Remote Access
Server.
a. Specify the internal network IPv6 and IPv6 prefix assigned to DirectAccess client
computers.
b. Choose Server Manager > Tools > Remote Access Management.
c. Specify the digital certificate that you want to use for HTTPS connections.
d. Select the appropriate topology and specify the public name or IPv4 address used
by clients to connect to the Remote Access server.
e. Choose Active Directory credentials (username/password) or Two-factor
authentication.
f. Select the correct network adapters for internal and external networks.
g. Select the Enforce corporate compliance for DirectAccess clients with NAP option.
h. Click Run the Remote Access Setup Wizard > Remote Access Server > Configure.
Answer: B H D F C A E G
Difficulty: Hard
Section Ref: Implementing DirectAccess Server
Explanation: Refer to the steps to Configure the DirectAccess Remote Access Server.
26. Order the following steps required to set up DirectAccess clients.

a. Select Deploy DirectAccess only.


b. Specify HTTP or ping and specify an URL or FQDN in the text box.
c. Under Remote Clients, click Configure.
d. Select Use force tunneling.
e. Add the name of the computer group to include as DirectAccess clients.
f. Click Run the Remote Access Setup Wizard > Remote Clients > Configure.
g. Set up the Helpdesk e-mail address.
h. Select Deploy full DirectAccess for client access and remote management.
i. Name the connection.
j. Choose Server Manager > Tools > Remote Access Management.
k. Select Allow DirectAccess clients to use local name resolution.
Answer: J F A C H E D B G I K
Difficulty: Medium
Section Ref: Implementing Client Configuration
Explanation: Refer to Configure Remote Clients for the steps.
27. Order the following steps required to configure the DirectAccess Infrastructure
Servers.
a. Verify DNS suffixes and internal DNS servers.
b. Enter the URL of the Network Location Server.
c. Add the names of your management servers.
d. Choose Server Manager > Tools > Remote Access Management.
e. Click Run the Remote Access Setup Wizard > Infrastructure Server > Configure.
Answer: D E B A C
Difficulty: Easy
Section Ref: Implementing Infrastructure Servers
Explanation: Refer to the Configure the DirectAccess Infrastructure Servers steps.

Repeated Answer
28. The Run the Remote Access Setup Wizard breaks the installation into four
separate installations that give you a great deal of control over settings and
configurations. Identify the correct description for the installation of Infrastructure
Servers.
a. Configure the network connections based on one or two network cards and which
adapters are internal and which adapters are external. You can also specify the use
of smartcards and specify the certificate authority (CA) to use for DirectAccess to
provide secure communications.
b. Specify which clients within your organization can use DirectAccess. You specify
the computer groups that you want to include and whether you want to include
Windows 7 clients.

c. Configure how the clients access the core infrastructure services such as Active
Directory domain controllers and DNS servers. You also specify an internal web
server that can provide location services for infrastructure components to your
DirectAccess clients.
d. Configure your end-to-end authentication and security for the DirectAccess
components. It also provides secure connections to individual servers.
Answer: c
Difficulty: Hard
Section Ref: Running the Remote Access Setup Wizard
Explanation: The installation of Infrastructure Servers allows you to configure how
the clients access the core infrastructure services such as Active Directory domain
controllers and DNS servers. You also specify an internal web server that can
provide location services for infrastructure components to your DirectAccess clients.
29. The Run the Remote Access Setup Wizard breaks the installation into four
separate installations that give you a great deal of control over settings and
configurations. Identify the correct description for the installation of Remote Clients.
a. Configure the network connections based on one or two network cards and which
adapters are internal and which adapters are external. You can also specify the use
of smartcards and specify the certificate authority (CA) to use for DirectAccess to
provide secure communications.
b. Specify which clients within your organization can use DirectAccess. You specify
the computer groups that you want to include and whether you want to include
Windows 7 clients.
c. Configure how the clients access the core infrastructure services such as Active
Directory domain controllers and DNS servers. You also specify an internal web
server that can provide location services for infrastructure components to your
DirectAccess clients.
d. Configure your end-to-end authentication and security for the DirectAccess
components. It also provides secure connections to individual servers.
Answer: b
Difficulty: Hard
Section Ref: Running the Remote Access Setup Wizard
Explanation: The installation of Remote Clients allows you to specify which clients
within your organization can use DirectAccess. You specify the computer groups that
you want to include and whether you want to include Windows 7 clients.
30. The Run the Remote Access Setup Wizard breaks the installation into four
separate installations that give you a great deal of control over settings and
configurations. Identify the correct description for the installation of Remote Access
Servers.

a. Configure the network connections based on one or two network cards and which
adapters are internal and which adapters are external. You can also specify the use
of smartcards and specify the certificate authority (CA) to use for DirectAccess to
provide secure communications.
b. Specify which clients within your organization can use DirectAccess. You specify
the computer groups that you want to include and whether you want to include
Windows 7 clients.
c. Configure how the clients access the core infrastructure services such as Active
Directory domain controllers and DNS servers. You also specify an internal web
server that can provide location services for infrastructure components to your
DirectAccess clients.
d. Configure your end-to-end authentication and security for the DirectAccess
components. It also provides secure connections to individual servers.
Answer: a
Difficulty: Hard
Section Ref: Running the Remote Access Setup Wizard
Explanation: The installation of Remote Access Server configures the network
connections based on one or two network cards and which adapters are internal and
which adapters are external. You can also specify the use of smartcards and specify
the certificate authority (CA) to use for DirectAccess to provide secure
communications.
31. The Run the Remote Access Setup Wizard breaks the installation into four
separate installations that give you a great deal of control over settings and
configurations. Identify the correct description for the installation of Application
Servers.
a. Configure the network connections based on one or two network cards and which
adapters are internal and which adapters are external. You can also specify the use
of smartcards and specify the certificate authority (CA) to use for DirectAccess to
provide secure communications.
b. Specify which clients within your organization can use DirectAccess. You specify
the computer groups that you want to include and whether you want to include
Windows 7 clients.
c. Configure how the clients access the core infrastructure services such as Active
Directory domain controllers and DNS servers. You also specify an internal web
server that can provide location services for infrastructure components to your
DirectAccess clients.
d. Configure your end-to-end authentication and security for the DirectAccess
components. It also provides secure connections to individual servers.
Answer: d
Difficulty: Hard
Section Ref: Running the Remote Access Setup Wizard

Explanation: The installation of Application Servers configures your end-to-end


authentication and security for the DirectAccess components. It also provides
secure connections to individual servers.