Professional Documents
Culture Documents
Lab Report
Time Spent: 12:58
Score: 13/13 (100%)
TASK SUMMARY
Required Actions & Questions
Configure the screen saver settingsShow Details
Check for Windows updates
Q1How many updates were available
Your answer:None, the device is up to date.
Correct answer:None, the device is up to date.
Install the SalesPrinter and make it your default printer
Enable Remote Desktop
Enable a network adapter
Identify the network addresses and routesShow Details
Q2Was the ping command successful
Your answer:Yes
Correct answer:Yes
Q3How many hops did it take to find the external DNS server
Your answer:5
Correct answer:5
Create the D:\Reports folder
Optimize the C: drive
Configure the default minimum password length to 10 characters
Use Computer Management to configure the Application Identity serviceShow Details
EXPLANATION
Complete this lab as follows:
After you have completed all of the assigned tasks, feel free to explore the operating system
interface in the lab. When you are ready to end the lab, from the top right, select Answer
Questions and then select Score Lab.
To score 100% on the lab, make sure that all assigned tasks are complete before you select Score
Lab.
Lab Report
Time Spent: 10:35
Score: 6/6 (100%)
TASK SUMMARY
Required Actions & Questions
Run the Cleanup system files in Disk CleanupHide Details
Cleared Microsoft Defender Antivirus
Cleared Windows error reports and feedback
Cleared DirectX Shader Cache
Cleared Delivery Optimization Files
Cleared Device Driver Packages
Cleared Temporary files
Cleared Thumbnails
Modify adapter settings by changing the subnet mask to 255.255.255.0
Q1How many hops does it take to get to 163.128.80.93
Your answer:5
Correct answer:5
Launch Command Prompt and run tracert 163.128.80.93
Set display to turn off in 1 hour in Power Options
Adjust the display settings for best performance in the System console
EXPLANATION
Complete this lab as follows:
In this lab, your task is to create a resource group using the following information:
Azure portal:
o Site: http://portal.azure.com
Project details:
o Subscription name: CorpNet Production
o Resource group name: CorpNetCloud
Resource details:
o Region: (US) West US2
Lab Report
Time Spent: 02:41
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Configure the project details for the resource groupHide Details
Subscription: CorpNet Production
Resource group name: CorpNetCloud
Configure the resource details for the resource group
EXPLANATION
Complete this lab as follows:
Define policies that prevent users from saving .wmv files in the home folders stored on
the server.
Share files with UNIX-based clients.
Add the File Server Resource Manager (FSRM) role service, which allows you to
configure file screens to prevent users from saving specific file types in specific
folders.
Add the Server for NFS role service to be able to share files with UNIX-based clients.
Lab Report
Time Spent: 06:07
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Add the File Server Resource Manager role service
Add the Server for Network File System role service
EXPLANATION
Complete this lab as follows:
Lab Report
Time Spent: 01:37
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Allow Remote Desktop connections
Allow Tom Plask to connect using Remote Desktop
Open the firewall port for Remote Desktop
EXPLANATION
Complete this lab as follows:
2. Add Tom Plask as a user that will be able to connect to Office1 using a Remote Desktop
connection.
a. Under User accounts, click Select users that can remotely access this PC.
b. Select Add.
c. Enter Tom Plask.
d. Select OK to add the user.
e. Select OK to close the dialog.
3. Verify that the firewall ports for Remote Desktop are opened appropriately.
4.1.11Configure IP Addresses
You work as the IT administrator for a small corporate network. You need to configure the
workstation in the executive office so it can connect to the local network and the internet. The
workstation has two network interface cards (named Ethernet and Ethernet 2). Having two network
cards allows the workstation to connect to the local network (as shown in the exhibits) and another
small network, which is not yet built.
For both network cards, configure the IP version 4 TCP/IP settings using the settings
specified in the table below.
From the Exec computer, ping the preferred DNS server assigned to the Ethernet NIC
to verify that it can communicate successfully.
Lab Report
Time Spent: 06:18
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Configure settings for Local Area ConnectionHide Details
Use 192.168.0.254 for the IP address
Use 255.255.255.0 for the subnet mask
Use 192.168.0.5 for the default gateway
Use 163.128.78.93 or 163.128.80.93 as the preferred DNS server
Configure settings for Local Area Connection 2Hide Details
Use 10.0.255.254 for the IP address
Use 255.255.0.0 for the subnet mask
Do not configure a default gateway address
Successfully ping the preferred DNS server
EXPLANATION
Complete this lab as follows:
4.2.4Explore IP Configuration
You are a network technician for a small corporate network. The network is connected to the internet
and uses DHCP for address assignment. Employees in Office 1 and the Executive Office are
reporting problems with their network connections.
In this lab, your task is to explore, diagnose, and fix the reported TCP/IP configuration problems.
1. From CorpServer, mouse over the network icon in the Notification Area.
Notice that the Notification Area appears normal (a computer icon is shown), which
indicates a connection to the local network and the internet. When you mouse over
the network icon, you see the details of this status.
2. Access the Network Connections window.
a. Right-click Start and then select Settings.
b. Select Network & Internet.
The Settings Status diagram confirms that CorpServer is
connected to the local network and to the internet.
c. Close the Settings app.
3. Ping the ISP to verify connectivity through the router and the internet.
a. From the top right, select Exhibits.
b. Locate the IP address of the ISP.
c. From the top right, select Answer Questions.
d. Answer Question 1.
e. Close the Exhibits window.
f. Right-click Start and select Windows PowerShell (Admin).
g. From the PowerShell prompt, type ping ISP_IPaddress and
press Enter.
Notice that the ping was successful, verifying a valid connection to
the internet.
4. Use the ipconfig and tracert commands to find the devices used to access the
ISP.
a. From the PowerShell prompt, type ipconfig /all and press Enter.
b. Locate and examine the vEthernet (External) configuration
settings and note the following:
DHCP Enabled: No
This tells us that the server is configured with a static
IP address and is not enabled for DHCP.
IPv4 Address: 192.168.0.10
Subnet Mask: 255.255.255.0
The server is using the default subnet mask for the
Class C IP address range.
Default Gateway: 192.168.0.5
The router's internal interface is configured as the
default gateway.
c. From the PowerShell prompt, type tracert ISP_IPaddress to see
the path to the ISP.
d. Answer Question 2.
e. From the top right, select Exhibits.
f. Answer Question 3.
g. Minimize the Lab Questions window.
h. Close the Exhibits window.
5. From the Executive Office, check the status of the link and network activity lights.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Hardware.
c. Above the workstation, select Back to switch to the back view of
the workstation.
The link and network activity lights on the network card are on and
blinking. This indicates that there is a physical connection to the
switch and there is activity on the connection. This points to a
TCP/IP configuration problem.
6. Verify the connectivity on the Exec workstation.
a. On the Exec monitor, select Click to view Windows 10.
b. In the Notification Area, mouse over the network icon.
Notice that the pop-up indicates there is no internet access.
c. Right-click Start and then select Settings.
d. Select Network & Internet.
The Network Status diagram confirms that the Exec computer has
no connection to the internet.
e. Close the Settings app.
f. Right-click Start and select Windows PowerShell (Admin).
g. From the PowerShell prompt, type ping Exec and press Enter.
Notice that the ping was successful.
h. From the PowerShell prompt, type ping CorpServer and
press Enter.
Notice that the ping to CorpServer failed.
i. From the PowerShell prompt, type ipconfig /all and then
press Enter. From this command, the following is shown for the
Ethernet interface card:
DHCP Enabled: No
IPv4 Address: 192.168.0.62
Subnet Mask: 255.255.255.240
Default Gateway: 192.168.0.4
Lab Report
Time Spent: 32:23
Score: 8/8 (100%)
TASK SUMMARY
Required Actions & Questions
Q1What is the IP address of the ISP
Your answer:198.28.2.254
Correct answer:198.28.2.254
Q2How many hops did it take to access the ISP
Your answer:4
Correct answer:4
Q3What is the name of the device accessed on the third hop
Your answer:pfSense
Correct answer:pfSense
Fix the subnet mask on Exec
Fix the gateway on Exec
Enable the scope on the DHCP Server
Fix the 003 Router option on the DHCP Server
Configure Exec for DHCP
EXPLANATION
Complete this lab as follows:
1. From CorpServer, mouse over the network icon in the Notification Area.
Notice that the Notification Area appears normal (a computer icon is shown), which
indicates a connection to the local network and the internet. When you mouse over the
network icon, you see the details of this status.
2. Access the Network Connections window.
a. Right-click Start and then select Settings.
b. Select Network & Internet.
The Settings Status diagram confirms that CorpServer is connected to the
local network and to the internet.
c. Close the Settings app.
3. Ping the ISP to verify connectivity through the router and the internet.
a. From the top right, select Exhibits.
b. Locate the IP address of the ISP.
c. From the top right, select Answer Questions.
d. Answer Question 1.
e. Close the Exhibits window.
f. Right-click Start and select Windows PowerShell (Admin).
g. From the PowerShell prompt, type ping ISP_IPaddress and press Enter.
Notice that the ping was successful, verifying a valid connection to the
internet.
4. Use the ipconfig and tracert commands to find the devices used to access the ISP.
a. From the PowerShell prompt, type ipconfig /all and press Enter.
b. Locate and examine the vEthernet (External) configuration settings and
note the following:
DHCP Enabled: No
This tells us that the server is configured with a static IP address
and is not enabled for DHCP.
IPv4 Address: 192.168.0.10
Subnet Mask: 255.255.255.0
The server is using the default subnet mask for the Class C IP
address range.
Default Gateway: 192.168.0.5
The router's internal interface is configured as the default
gateway.
c. From the PowerShell prompt, type tracert ISP_IPaddress to see the path to
the ISP.
d. Answer Question 2.
e. From the top right, select Exhibits.
f. Answer Question 3.
g. Minimize the Lab Questions window.
h. Close the Exhibits window.
5. From the Executive Office, check the status of the link and network activity lights.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Hardware.
c. Above the workstation, select Back to switch to the back view of the
workstation.
The link and network activity lights on the network card are on and blinking.
This indicates that there is a physical connection to the switch and there is
activity on the connection. This points to a TCP/IP configuration problem.
6. Verify the connectivity on the Exec workstation.
a. On the Exec monitor, select Click to view Windows 10.
b. In the Notification Area, mouse over the network icon.
Notice that the pop-up indicates there is no internet access.
c. Right-click Start and then select Settings.
d. Select Network & Internet.
The Network Status diagram confirms that the Exec computer has no
connection to the internet.
e. Close the Settings app.
f. Right-click Start and select Windows PowerShell (Admin).
g. From the PowerShell prompt, type ping Exec and press Enter.
Notice that the ping was successful.
h. From the PowerShell prompt, type ping CorpServer and press Enter.
Notice that the ping to CorpServer failed.
i. From the PowerShell prompt, type ipconfig /all and then press Enter. From
this command, the following is shown for the Ethernet interface card:
DHCP Enabled: No
IPv4 Address: 192.168.0.62
Subnet Mask: 255.255.255.240
Default Gateway: 192.168.0.4
4.2.5Troubleshoot IP Configuration 1
You are a network technician for a small corporate network. The network is connected to the internet
and uses DHCP for address assignment. The employees in the IT Administration Office and Office 2
report that their workstations can communicate with some computers on the network but cannot
access the internet. You need to diagnose and fix the problem. The following IP addresses are used
in your network:
Device IP Address
CorpServer 192.168.0.10
ITAdmin 192.168.0.31
Office2 192.168.0.34
ns1.nethost.net
198.28.2.254
(ISP)
In this lab, your task is to troubleshoot and fix the issue using the following procedures:
From the Office2 computer, use the ping and ipconfig commands to test connectivity
and gather information.
o Answer Questions 1 and 2.
From the ITAdmin computer, use the ping and ipconfig commands to test connectivity
and gather information.
o Answer Questions 3 and 4.
From the CorpServer computer, use the ping and ipconfig commands to test
connectivity and gather information.
o Answer Question 5 and determine which changes need to be made to
correct the issue.
Using the CorpDHCP server, accessed as a VM from CorpServer, implement the fix to
the issue.
Verify that the ITAdmin and Office2 computers can access the internet.
To see the network diagram and the wiring schematics of the network, use Exhibits.
Lab Report
Time Spent: 20:28
Score: 8/8 (100%)
TASK SUMMARY
Required Actions & Questions
Q1From Office2, which, if any, pings failed
Your answer:The ISP - 198.28.2.254
Correct answer:The ISP - 198.28.2.254
Q2What is the address of the default gateway assigned to Office2
Your answer:192.168.0.4
Correct answer:192.168.0.4
Q3From ITAdmin, which, if any, pings failed
Your answer:The ISP - 198.28.2.254
Correct answer:The ISP - 198.28.2.254
Q4What is the IP address of the default gateway assigned to ITAdmin
Your answer:192.168.0.4
Correct answer:192.168.0.4
Q5What do you see here that might explain why this computer can access the internet, but
Office2 and ITadmin can't
Your answer:The default gateway for CorpServer is different.
Correct answer:The default gateway for CorpServer is different.
Reconfigure the DHCP server with 192.168.0.5 as the default gateway
Verify that the ITAdmin workstation can communicate with the internet
Verify that the Office2 workstation can communicate with the internet
EXPLANATION
While completing this lab, use the following information:
Device IP Address
CorpServer 192.168.0.10
ITAdmin 192.168.0.31
Office2 192.168.0.34
ns1.nethost.ne
t 198.28.2.254
(ISP)
1. From the Office2 computer, use the ping and ipconfig commands to test connectivity
and gather information.
a. Right-click Start and select Windows PowerShell.
b. From the PowerShell prompt, type ping IP_address and press Enter.
c. Repeat steps 1b to ping the remaining computers.
d. From the top right, select Answer Questions.
e. Answer Question 1.
f. From the PowerShell prompt, type ipconfig /all and press Enter.
Notice that DHCP Enabled is set to Yes, meaning the IP information is
obtained from a DHCP server.
g. Answer Question 2.
2. From the ITAdmin computer, use the ping and ipconfig commands to test connectivity
and gather information.
a. From the top left, select Floor 1 Overview.
b. Under ITAdmin Office, select ITAdmin.
c. Right-click Start and select Windows PowerShell.
d. From the PowerShell prompt, type ping IP_address and press Enter.
e. Repeat steps 2d to ping the remaining computers.
f. Answer Question 3.
g. From the PowerShell prompt, type ipconfig /all and press Enter.
Notice that DHCP Enabled is set to Yes, meaning the IP information is
obtained from a DHCP server.
h. Answer Question 4.
i. Minimize the Lab Questions dialog.
3. From the CorpServer computer, use the ping and ipconfig commands to test connectivity
and gather information.
a. From the top left, select Floor 1 Overview.
b. Under Networking Closet, select CorpServer.
c. Right-click Start and select Windows PowerShell.
d. From the PowerShell prompt, type ping Office2 and press Enter.
e. From the PowerShell prompt, type ping 198.28.2.254 and press Enter.
Notice that this computer can get to the internet.
f. From the PowerShell prompt, type ipconfig and press Enter.
g. From the top right, select Answer Questions.
h. Answer Question 5.
Since Office2 and ITAdmin obtain their IP addresses from a DHCP server and
their default gateway is different from CorpServer (which can access the
internet), the problem is most likely related to the IP configuration for the
network.
i. Close PowerShell.
4. Access the CorpDHCP server.
a. From Hyper-V Manager, select CORPSERVER.
b. Maximize the window for better viewing.
c. Double-click CorpDHCP to connect to the server.
5. From the CorpDHCP server, use the DHCP console to reconfigure the settings for the
DHCP scope.
a. From Server Manager's menu bar, select Tools > DHCP to start the DHCP
console.
b. Expand and select CorpDHCP > IPv4 > Scope [192.168.0.1] Subnet1 > Scope
Options.
c. Right-click Scope Options and then select Configure Options.
d. Select the 003 Router option.
e. In the bottom pane, select 192.168.0.4 and then select Remove.
f. In the IP address field (the default gateway address), change the address
listed to 192.168.0.5 then select Add.
g. Select OK to apply the change.
6. Verify that the ITAdmin and Office2 computers can access the internet.
a. From the top left, select Floor 1 Overview.
b. Under IT Administration, select ITAdmin.
c. From the PowerShell prompt, type ipconfig /renew.
This will request the new IP address information from the DHCP server and
reconfigure the settings for the Ethernet connection.
d. Enter ipconfig /all to check the Ethernet configuration.
Notice that the default gateway 192.168.0.5 is now correctly configured.
e. At the PowerShell prompt, type ping 198.28.2.254 (the ISP) and then
press Enter.
f. From the top left, select Floor 1 Overview.
g. Under Office2, select Office2.
h. Repeat steps 6c-6e to fix the problem for the second workstation.
i. Select Score Lab.
4.2.6Troubleshoot IP Configuration 2
You are a network technician for a small corporate network. The network is connected to the internet
and uses DHCP for address assignments. The owner of the company in the Executive Office and a
temporary employee in the IT Administrator office both report that their workstations can
communicate with some computers on the network, but cannot access the internet. You need to
diagnose and fix the problem.
Computer
IP Address
Name
CorpServer 192.168.0.10
198.28.2.254
(Unknown)
(the ISP)
ITAdmin (Unknown)
Exec (Unknown)
Use Exhibits to see the network diagram and the wiring schematics for the network.
Lab Report
Time Spent: 06:45
Score: 7/7 (100%)
TASK SUMMARY
Required Actions & Questions
Q1After looking at the exhibits and the results of the tracert command, which of the following IP
addresses is assigned to the building A network router
Your answer:192.168.0.5
Correct answer:192.168.0.5
Q2Which of the following best describes what you have learned from your troubleshooting up
to this point
Your answer:The connections from building A to the ISP are working.
Correct answer:The connections from building A to the ISP are working.
Q3Mark all of the observations you found to be true after examining the results of the
ipconfig /all command
Your answer:The IP address is an APIPA address, not a valid address for this network.,The IP
information for the Ethernet adapter is obtained from a DHCP server.
Correct answer:The IP information for the Ethernet adapter is obtained from a DHCP server.,
The IP address is an APIPA address, not a valid address for this network.
Q4Which of the following is the most likely reason the ping tests to the ISP failed from Exec and
ITAdmin, but were successful from CorpServer
Your answer:The DHCP server is probably not assigning IP addresses correctly.
Correct answer:The DHCP server is probably not assigning IP addresses correctly.
Q5Why can the Exec and ITAdmin computers ping each other while they cannot ping
CorpServer or ISP
Your answer:Both are using an APIPA address.
Correct answer:Both are using an APIPA address.
In the Networking Closet, activate the DHCP scope for the local network
Verify that the Executive Office and IT Administrator workstations can communicate with the
internetShow Details
EXPLANATION
Complete this lab as follows:
Troubleshoot
1. From the Exec computer, begin troubleshooting by verifying the scope of the
connectivity problem.
a. Under Executive Office, select Exec.
b. Right-click Start and then select Windows PowerShell (Admin).
c. From the PowerShell prompt, run the following ping commands.
Press Enter after each command:
ping 192.168.0.10 (CorpServer).
ping 198.28.2.254 (The Internet Service Provider, or ISP).
Notice that both pings are unsuccessful.
ping ITAdmin (the name of the computer in the IT Administration
office).
Notice that the ping to ITAdmin is successful. However, it is
responding using an APIPA IP address. This indicates that this
computer is not getting its IP address from the DHCP as it should.
2. From CorpServer computer, continue troubleshooting the problem by trying to access
the ISP.
a. From the top left, select Floor 1 Overview.
b. Under Networking Closet, select CorpServer.
c. Right-click Start and then select Windows PowerShell (Admin).
d. From the PowerShell prompt, type ping 198.28.2.254 (the ISP).
Notice that the ping to the ISP is successful.
e. From the PowerShell prompt, type tracert 198.28.2.254 and press Enter.
f. From the top right, select Exhibits.
g. From the top right, select Answer Questions.
h. Answer Question 1.
i. Close the Exhibits and Answer Questions windows.
3. From the ITAdmin computer, continue troubleshooting the problem by trying some
additional ping tests.
a. From the top left, select Floor 1 Overview.
b. Under IT Administration, select ITAdmin.
c. Right-click Start and then select Windows PowerShell (Admin).
d. From the PowerShell prompt, run the following ping commands.
Press Enter after each command:
ping 192.168.0.10 (CorpServer).
ping 198.28.2.254 (the ISP).
Notice that the ping to the ISP fails.
ping exec (the name of the computer in the Executive Office).
Notice that the ping to Exec is successful. However, the Exec
computer is responding with an APIPA IP address.
e. From the top right, select Answer Questions.
f. Answer Question 2.
4. From ITAdmin, use the ipconfig /all command to continue troubleshooting.
a. From the PowerShell prompt, type ipconfig /all and press Enter.
b. Answer Questions 3 and 4.
5. From Exec, use the ipconfig /all command to continue troubleshooting.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Exec.
c. From the PowerShell prompt, type ipconfig /all and press Enter.
d. Answer Questions 5.
e. Minimize the Lab Questions dialog.
Computer
IP Address
Name
CorpServer 192.168.0.10
Office1 192.168.0.30
Exec 192.168.0.33
ITAdmin 192.168.0.34
198.28.2.254
(Unknown)
(the ISP)
Use the following troubleshooting tools to diagnose the problem on the network:
o The ping, ipconfig, or tracert command line utilities
o The Network & Internet settings on the Windows 10 operating system
Fix the problem at the applicable workstation(s) as necessary.
Use the troubleshooting tools to confirm that the problem is resolved.
Lab Report
Time Spent: 02:45
Score: 7/7 (100%)
TASK SUMMARY
Required Actions & Questions
On the Office1 computer, configure the network connection to request the IP address
information from the DHCP server
Q1What is the subnet mask for ITAdmin
Your answer:255.255.255.0
Correct answer:255.255.255.0
Q2What is the IP address for the first DNS server on ITAdmin
Your answer:192.168.0.11
Correct answer:192.168.0.11
Q3What is the IP address for the subnet mask on Office1
Your answer:255.255.255.240
Correct answer:255.255.255.240
Q4What is the IP address for the first DNS server on Office1
Your answer:163.128.78.108
Correct answer:163.128.78.108
Q5How is Office1 obtaining its IP information
Your answer:Manually assigned
Correct answer:Manually assigned
Q6What is most likely causing the networking issues on Office1
Your answer:There are misconfigured IP addresses.
Correct answer:There are misconfigured IP addresses.
EXPLANATION
Complete this lab as follows:
Troubleshooting
1. From Office 1, use the ping command to begin troubleshooting the problem by verifying
the scope of the connectivity issues.
a. Under Office 1, select Office1.
b. Right-click Start and then select Windows PowerShell.
c. From the PowerShell prompt, run the following ping commands
(press Enter after each command):
ping 192.168.0.10 (CorpServer)
ping 192.168.0.34 (ITAdmin)
ping 198.28.2.254 (the internet service provider)
Notice that all the pings were unsuccessful.
2. From the IT Administration office, use the ping and ipconfig /all commands to continue
determining the scope of the connectivity issues.
a. From the top left, select Floor 1 Overview.
b. Under IT Administration, select ITAdmin.
c. Right-click Start and then select Windows PowerShell.
d. From the PowerShell prompt, run the following ping commands
(press Enter after each command):
ping 192.168.0.10 (CorpServer)
ping 192.168.0.30 (Office1)
ping 192.168.0.33 (Exec)
ping 198.28.2.254 (the internet service provider)
Notice that all the pings were successful.
e. From the PowerShell prompt, type ipconfig /all and press Enter.
f. From the top right, select Answer Questions.
g. Answer Questions 1 and 2.
3. From Office1, use the ipconfig /all command to analyze the differences between Office1
and ITAdmin IP information.
a. From the top left, select Floor 1 Overview.
b. Under Office1, select Office1.
c. From the PowerShell prompt, type ipconfig /all and then press Enter.
d. Answer Questions 3-6.
e. Minimize the Lab Questions dialog.
1. From Office1, configure the network connection to request the IP address information
from the DHCP server:
a. Right-click Start and then select Settings.
b. Select Network & Internet.
c. Select Ethernet.
d. From the right pane, select Change adapter options.
e. Right-click Ethernet and then select Properties.
f. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
g. Select Obtain an IP address automatically.
h. Select Obtain DNS server address automatically.
i. Select OK.
j. Select Close.
k. Close the Networking Connections and Settings windows.
2. Verify that Office1 is now able to connect to the internet.
a. From the PowerShell prompt, type ipconfig /all. Verify the following settings:
DHCP Enable: Yes
Subnet mask: 255.255.255.0/24
DNS Servers:
192.168.0.11
192.168.10.11
b. From the PowerShell prompt, run the following ping commands
(press Enter after each command):
ping 192.168.0.10 (CorpServer)
ping 192.168.0.34 (ITAdmin)
ping 198.28.2.254 (the internet service provider)
Notice that both pings are successful.
c. From the top right, select Answer Questions.
d. Scroll to the bottom and select Score Lab.
IT
ITAdmin 192.168.0.33
Administration
Lab Report
Time Spent: 01:24
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Use tracert on ExecHide Details
Run tracert 198.28.56.1 (the router)
Run tracert 163.128.78.93 (the ISP's DNS server)
EXPLANATION
Complete this lab as follows:
On the CorpDHCP server (running as a guest on CorpServer), create a DHCP IPv4 scope
with the following parameters:
o Scope name: Subnet1
o Address range: 192.168.0.20 to 192.168.0.200
o Length: 24
o Subnet mask: 255.255.255.0
o Exclusions and delays: Do not set
o Lease duration: Accept the default duration
o Scope option for the router (default gateway): 192.168.0.5
o Parent domain: Accept the default
o Scope option for DNS servers: 163.128.78.93
o WINS Servers: Do not set
On CorpDHCP, activate the Subnet1 scope.
On Gst-Lap in the Lobby, confirm the DHCP scope settings by configuring the local area
connection to obtain its IP and DNS addresses automatically from the DHCP server.
Lab Report
Time Spent: 10:38
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Configure the IPv4 DHCP scope on the serverHide Details
Scope name: Subnet1
Address range: 192.168.0.20 to 192.168.0.200
Subnet mask: 255.255.255.0
Lease duration: Accept the default
Default gateway (router): 192.168.0.5
DNS Server: 163.128.78.93
Activate the IPv4 DHCP scope on the server
Configure the laptop in the support office to obtain IP and DNS addresses automatically from
the DHCP server
EXPLANATION
Complete this lab as follows:
Configure the following DHCP options for the CorpDHCP server (not on the Subnet1 scope):
o 006 DNS Servers (in the following order):
192.168.0.11
192.168.10.11
o 015 DNS Domain Name: CorpNet.local
Configure Subnet1 scope options as follows:
o 003 Router (default gateway) as 192.168.0.5
Lab Report
Time Spent: 04:49
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Configure the 006 DNS Servers options on the server as 192.168.0.11 and 192.168.10.11
Configure the 015 DNS Domain Name option on the server as CorpNet.local
Configure the 003 Router option on the scope as 192.168.0.5
EXPLANATION
While completing this lab, the 006 DNS Servers options are 192.168.0.11 and 192.168.10.11 (in that
order).
Complete this lab as follows:
Server options apply to every scope on the server. Scope options override the server settings for a
specific scope.
Reservation
IP Address MAC Address
Name
LaserJet4240-
192.168.0.101 aa:61:82:df:04:54
1
LaserJet4240-
192.168.0.102 ce:fd:48:90:06:23
2
Lab Report
Time Spent: 04:32
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create a reservation for LaserJet4240-1Hide Details
Name the reservation LaserJet4240-1
Assign the IP address of 192.168.0.101
Use aa:61:82:df:04:54 as the MAC address
Use the DHCP support type
Create a reservation for LaserJet4240-2Hide Details
Name the reservation LaserJet4240-2
Assign the IP address of 192.168.0.102
Use ce:fd:48:90:06:23 as the MAC address
Use the DHCP support type
Create a reservation for KonicaColorHide Details
Name the reservation KonicaColor
Assign the IP address of 192.168.0.103
Use c8:ba:99:cd:80:12 as the MAC address
Use the DHCP support type
Create a reservation for AcctPrinterHide Details
Name the reservation AcctPrinter
Assign the IP address of 192.168.0.104
Use f1:a9:3e:f7:7d:3b as the MAC address
Use the DHCP support type
Create a reservation for SalesPrinterHide Details
Name the reservation SalesPrinter
Assign the IP address of 192.168.0.105
Use df:a9:99:cd:80:61 as the MAC address
Use the DHCP support type
EXPLANATION
While completing this lab, use the following information:
IP
Reservation Name MAC Address
Address
Use Routing and Remote Access to configure CorpServer2 as a DHCP Relay Agent by
performing the following:
o Add the DHCP Relay Agent routing protocol.
o Add NetTeam as a DHCP Relay Agent interface.
o Set the boot threshold to 0.
o Configure the DHCP Relay Agent properties to identify 192.168.0.14 as the DHCP
server.
Renew the TCP/IP information on Exec2 (the client machine in Building B).
Verify that Exec2 has a network connection.
Lab Report
Time Spent: 07:16
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Add the DHCP Relay Agent protocol
Add NetTeam as a DHCP Relay Agent interface
Set the boot threshold to 0
For the DHCP protocol, configure 192.168.0.14 as a DHCP server address
Refresh the IP address on Exec2Hide Details
Is connected to a network
Is connected to the internet
EXPLANATION
Complete this lab as follows:
1. Add the DHCP Relay Agent routing protocol.
a. From Server Manager, select Tools > Routing and Remote Access.
b. Expand IPv4.
c. Right-click General and select New Routing Protocol.
d. Select DHCP Relay Agent and then select OK.
2. Add and configure a Relay Agent interface.
a. From the left pane, right-click DHCP Relay Agent and select New Interface.
b. Select NetTeam and then select OK.
c. Make sure Relay DHCP packets is selected.
d. Set the boot threshold to 0 (zero).
e. Select OK.
3. Configure the DHCP Relay Agent properties to identify the DHCP server.
a. Right-click DHCP Relay Agent and select Properties.
b. In the Server address field, enter 192.168.0.14 (the IP address of the DHCP
server).
c. Select Add and then select OK.
4. Renew the TCP/IP address and verify the connection.
a. From the top left, select Floor 1.
b. Under Manager Office, select Exec2.
c. Right-click Start and select Windows PowerShell (Admin).
d. In PowerShell, type ipconfig.
Notice that the current IP address is on the 169.254.0.0 network.
e. In PowerShell, type ipconfig /renew and then press Enter.
The computer should receive an address on the 192.168.10.0 network.
f. From the taskbar, select the network icon to view the connection status.
Lab Report
Time Spent: 03:29
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Set the name of the scope as Sales
Set the address rangeShow Details
Assign a default gateway address of 192.168.10.5 on the Sales scope
Assign DNS server addressesShow Details
Activate the Sales scope
EXPLANATION
Complete this lab as follows:
1. Access the CorpDCHP virtual server.
a. From Hyper-V Manager, select CORPSERVER.
b. Maximize the Hyper-V Manager window to view the available server.
c. Double-click CorpDHCP to connect to the server.
2. Create an IPv4 scope on the CorpDHCP.
a. From Server Manager, select Tools > DHCP.
b. Expand the CorpDHCP.CorpNet.local server node.
c. Right-click IPv4 and then select New Scope.
d. Select Next.
e. In the Name field, enter Sales and then select Next.
f. Enter 192.168.10.21 in the Start IP address field.
g. Enter 192.168.10.199 in the End IP address field.
h. Select Next > Next > Next > Next.
i. From the Router (Default Gateway) dialog, enter an IP address
of 192.168.10.5 and then select Add.
j. Select Next.
k. From the Domain Name and DNS Server dialog, add two DNS server
addresses as follows:
In the IP address field, enter 198.28.56.108 and then select Add.
In the IP address field, enter 163.128.78.93 and then select Add.
l. Select Next > Next.
m. From the Activate Scope dialog, make sure that Yes, I want to activate this
scope now is selected and then select Next.
n. Select Finish to complete the process of creating the DHCP scope.
To provide DHCP fault tolerance for this subnet, you plan to configure DHCP failover for the scope
with the CampusDHCP_2 server (located on subnet 10.10.20.0/24 in Campus 2). Routers have
been configured to pass DHCP requests between subnets.
Use the navigation tabs to switch between servers and campus locations. CampusServer1 and
CampusServer2 are Hyper-V host machines. The DHCP servers run as guest virtual machines on
these servers.
Lab Report
Time Spent: 04:12
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Configure failover for the Campus1 scopeHide Details
Partner server: CampusDHCP_2
Failover mode: Load balanced
Local server percentage: 75
Partner server percentage: 25
Shared secret: HelpMyDHCP123
EXPLANATION
Complete this lab as follows:
Use the top navigation menu to switch between servers and campus locations. CampusServer2 and
CampusServer3 are Hyper-V host machines. The DHCP servers run as guest virtual machines on
these servers.
Lab Report
Time Spent: 04:39
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Configure failover on the Campus3 scopeHide Details
Failover partner server: CampusDHCP_2
Failover mode: Hot Standby
Role of Partner Server: Standby
Addresses reserved for the standby server: 10%
Shared Secret: HelpMyDHCP456
EXPLANATION
Complete this lab as follows:
Lab Report
Time Spent: 04:57
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create an IPv4 scope on CorpDHCPHide Details
Name the scope Bldg-A Subnet
Set the address range
Use 192.168.10.21 as the first address in the range for Bldg-A Subnet
Use 192.168.10.199 as the last address in the range for Bldg-A Subnet
Assign a default gateway address of 192.168.10.5 on the Bldg-A Subnet scope
Assign DNS server addresses
Use 198.28.56.108 for one of the DNS server addresses in the Bldg-A Subnet scope
Use 163.128.78.93 for the other DNS server address in the Bldg-A Subnet scope
Activate the Bldg-A Subnet scope
EXPLANATION
Complete this lab as follows:
Explore the DHCP configuration on CorpDHCP and identify which scopes, exclusions, and
options are currently configured.
Add the CorpDHCP2 server to the DHCP console.
Explore the DHCP configuration on CorpDHCP2 and identify which scopes, exclusions, and
options are configured.
On CorpDHCP, use the Split-Scope wizard to split the Subnet1 scope between CorpDHCP
and CorpDHCP2.
o Configure CorpDHCP to handle 85 percent of the IP addresses.
o Configure CorpDHCP2 to handle 15 percent of the IP addresses.
o Configure a 2 millisecond delay for the target server response.
o Identify which exclusions have been added to the CorpDHCP server.
o Identify which scopes, exclusions, and options have changed on the CorpDHCP2
server.
Activate the backup scope for Subnet1 on CorpDHCP2.
Lab Report
Time Spent: 07:30
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
On CorpDHCP, configure an exclusion for 15 percent of the address range
On CorpDHCP2, configure an exclusion for 85 percent of the address range
Configure a 2 millisecond delay on the target server
Activate the backup scope
EXPLANATION
Complete this lab as follows:
Lab Report
Time Spent: 06:36
Score: 4/4 (100%)
TASK SUMMARY
Required Actions & Questions
Q1What is the current state of the wireless network?
Your answer:The computer does not have a connection.
Correct answer:The computer does not have a connection.
Configure automatic IP addressing through DHCP
Configure automatic DNS addressing
Configure an alternate TCP/IP addressHide Details
IP address: 172.16.0.12
Subnet mask: 255.255.0.0
Default gateway: 172.16.255.254
DNS Server: 198.60.22.2
EXPLANATION
Complete this lab as follows:
a. From the Notification area, select the wireless network icon to view the
current state of the wireless network.
b. In the top right, select Answer Questions.
c. Answer Question 1.
d. Minimize the Lab Questions dialog.
a. Select the wireless network icon in the Notification area and notice that it is
now currently connected to the network.
b. In the top right, select Answer Questions.
c. Select Score Lab.
4.7.6Troubleshoot DHCP 1
You are a network technician for a small corporate network. The network is connected to the internet
and uses DHCP for address assignments. The employees in the Exec Office and Office 2 report that
their workstations can communicate with some computers on the network, but not on the internet.
The IP address for the ISP and internet is 198.28.2.254. The CorpDHCP server is a virtual server
that runs on CorpServer.
Lab Report
Time Spent: 03:20
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Reconfigure the DHCP server with 192.168.0.5 as the default gateway
Verify that the Exec workstation can access the internet
Verify that the Office2 workstation can access the internet
EXPLANATION
Complete this lab as follows:
1. Use Office2 to verify the connectivity problem by pinging Exec, CorpServer, and the
internet service provider (ISP).
a. Right-click Start and select Windows PowerShell (Admin).
b. At the PowerShell prompt, type ping Exec and press Enter.
Notice that Support is translated to 192.168.0.30, and the ping is returned.
c. Type ping Corpserver and press Enter.
Notice that CorpServer is translated to 192.168.0.10, and the ping is
returned.
d. Type ping 198.28.2.254 (the ISP) and press Enter.
The request times out.
2. Use Exec to verify the connectivity problem by pinging Office2, CorpServer, and the
internet service provider (ISP).
a. From the top navigation tabs, select Floor 1 Overview.
b. Under Executive Office, select Exec.
c. Right-click Start and select Windows PowerShell (Admin).
d. At the PowerShell prompt, type ping Office2 and press Enter.
Notice that Office2 is translated to 192.168.0.34, and the ping is returned.
e. Type ping Corpserver and press Enter.
Notice that CorpServer is translated to 192.168.0.10, and the ping is
returned.
f. Type ping 198.28.2.254 and press Enter.
The request times out.
3. Use ipconfig /all to check the Ethernet adapter configuration.
a. At the PowerShell prompt, type ipconfig /all and press Enter.
Notice that the Ethernet adapter is configured with DHCP Enabled, and the
DHCP server has an IP address of 192.168.0.14. This is the correct IP address.
The Ethernet adapter is receiving its IP address, default gateway address, and
DNS addresses from the correct DHCP server.
However, notice that the default gateway address is incorrectly configured as
192.168.0.4. The Exhibit shows that the default gateway should be
192.168.0.5. The DHCP server must be giving out the wrong default gateway
address. This is probably why the workstation can't communicate with the
ISP and the internet.
4. Use CorpServer to access CorpDHCP and reconfigure the default gateway settings for
the DHCP scope.
a. From the top navigation tabs, select Floor 1 Overview.
b. Under Networking Closet, select CorpServer.
c. From Hyper-V Manager, select CORPSERVER.
d. Maximize the window for better viewing.
e. Under Virtual Machines, double-click CorpDHCP to connect to the virtual
server.
f. From Server Manager, select Tools > DHCP.
g. Maximize the window for better viewing.
h. From the left pane, expand CorpCHCP.CorpNet.local > IPv4 > Scope
[192.168.0.1] Subnet1.
i. Select Scope Options.
j. In the center pane, double-click 003 Router.
k. Under IP address, select 192.168.0.4.
l. Select Remove.
m. Enter 192.168.0.5 in the IP address field.
n. Select Add.
o. Select OK.
5. Renew the IP address configurations on the Ethernet adapter for the Support
workstation.
a. From the top navigation tabs, select Floor 1 Overview.
b. Under Executive Office, select Exec.
c. At the PowerShell prompt, type ipconfig /renew and press Enter.
Notice that the default gateway address is now correctly configured as
192.168.0.5.
d. Type ping 198.28.2.254 and press Enter.
Notice the reply from the ISP address.
6. Renew the IP address configurations on the Ethernet adapter for the Office2
workstation.
a. From the top navigation tabs, select Floor 1 Overview.
b. Under Office 2, select Office2.
c. At the PowerShell prompt, type ipconfig /renew and press Enter.
Notice that the default gateway address is now correctly configured as
192.168.0.5.
d. Type ping 198.28.2.254 and press Enter.
Notice the reply from the ISP address.
4.7.7Troubleshoot DHCP 2
You are a network technician for a small corporate network. The network is connected to the internet
and uses DHCP for address assignments. The owner of the company (in the Executive Office) and a
temporary employee (in the IT Administrator office) both report that their workstations can
communicate with some computers on the network, but not on the internet. The IP address for the
ISP and the internet is 198.28.2.254.
Lab Report
Time Spent: 02:26
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Activate the DHCP scope for the local network
Verify that the Executive Office and IT administrator workstations can access the internetHide
Details
Exec computer is connected to the internet
ITadmin computer is connected to the internet
EXPLANATION
Complete this lab as follows:
1. On Exec, verify the connectivity problem by pinging ITAdmin, CorpServer, and the
internet service provider (ISP).
a. Under Executive Office, select Exec.
b. Right-click Start and select Windows PowerShell (Admin).
c. At the PowerShell prompt, type ping ITAdmin and press Enter.
Notice that ITAdmin is translated to 169.254.201.14, and the ping is returned.
The IP address for ITAdmin is in the APIPA range (169.254.0.1 to
169.254.255.254). Since Exec can communicate with ITAdmin, it is likely that
Exec has been assigned an APIPA address as well.
d. Type ping CorpServer and press Enter.
The request times out.
e. Type ping 198.28.2.254 and press Enter. This is the IP address for the ISP.
The request times out. There is probably no default gateway configured so
that the workstation can send traffic to another network.
f. Type ipconfig /all and press Enter.
Notice that DHCP is enabled, but there is no default gateway address or
DHCP server entry.
Notice that the Autoconfiguration IPv4 Address is 169.254.201.10.
This confirms that Exec is using an APIPA address. It also indicates that there
is a problem getting IP configurations from a DHCP server.
2. On ITAdmin, verify the connectivity problem by pinging Exec, CorpServer, and the
internet service provider (ISP).
a. From the top navigation tabs, select Floor 1 Overview.
b. Under IT Administration, select ITAdmin.
c. Right-click Start and select Windows PowerShell (Admin).
d. At the PowerShell prompt, type ping exec and press Enter.
Notice that Exec is translated to 169.254.201.10, and the ping is returned.
e. Type ping CorpServer and press Enter.
The request times out.
f. Type ping 198.28.2.254 and press Enter.
The request times out.
g. Type ipconfig /all and press Enter.
Notice that DHCP is enabled, but there is no default gateway address or
DHCP server entry.
Notice that the Autoconfiguration IPv4 Address is 169.254.201.14.
This is the same problem that occurred with the Exec workstation.
3. Activate the scope.
a. From the top navigation tabs, select Floor 1 Overview.
b. Under Networking Closet, select CorpServer.
c. In Hyper-V Manager, CORPSERVER.
d. Maximize the window for easier viewing.
e. Under Virtual Machines, double-click CorpDHCP to connect to the virtual
server.
f. In Server Manager, select Tools > DHCP.
g. In the left pane, expand and select CorpCHCP.CorpNet.local > IPv4.
In the center pane, notice that the Scope [192.168.0.1] Subnet1 is inactive. (It
has a small red down arrow added to the folder icon.)
h. Right-click Scope [192.168.0.1] Subnet1 and select Activate.
4. Verify that activating the DHCP scope resolved the issues for the Exec computer.
a. From the top navigation tabs, select Floor 1 Overview.
b. Under Executive Office, select Exec.
c. At the PowerShell prompt, type ipconfig /all to view the IP address
information.
Notice that the IPv4 address is now 192.168.0.35, the default gateway
address is now 192.168.0.5, and the DHCP server is now 192.168.0.14.
d. Type ping CorpServer and press Enter.
Notice the reply from CorpServer.
e. Type ping 198.28.2.254 and press Enter.
Notice the reply from the ISP address.
f. Type ping ITAdmin and press Enter. The request is successful because the
IP address is updated automatically.
5. (Optional) Verify that activating the DHCP scope resolved the issues for the ITAdmin
computer.
a. From the top navigation tabs, select Floor 1 Overview.
b. Under IT Administration, select ITAdmin.
c. At the PowerShell prompt, type ipconfig /all and press Enter.
Notice that the IPv4 address is now 192.168.0.36, the default gateway
address is now 192.168.0.5, and the DHCP server is now 192.168.0.14.
d. Type ping CorpServer and press Enter.
Notice the reply from CorpServer.
e. Type ping 198.28.2.254 and press Enter.
Notice the reply from the ISP address.
f. Type ping exec and press Enter.
Notice the reply from Exec.
Locate the current IPv4 IP address for the external vEthernet network adapter.
Answer Question 1.
Configure the external vEthernet network adapter with the following IPv6 address:
o Prefix: 2620:14F0:45EA:0001
o Interface ID: Use the current IPv4 address (in the correct format) for this
adapter
o Subnet prefix length: 64
Use ipconfig to verify the information.
Lab Report
Time Spent: 03:23
Score: 4/4 (100%)
TASK SUMMARY
Required Actions & Questions
Q1What is the IP address for the external vEthernet network adapter
Your answer:192.168.0.10
Correct answer:192.168.0.10
Use 2620:14F0:45EA:0001:192:168:0:10 as the IPv6 address on the vEthernet (external) network
adapter
Use 64 as the subnet prefix length for the IPv6 address
Verify the IPv6 settings using ipconfig
EXPLANATION
Complete this lab as follows:
1. Locate the current IPv4 IP address for the external vEthernet network adapter.
a. Right-click Start and then select Settings.
b. Select Network & Internet.
c. From the right pane, select Change adapter options.
d. Right-click the vEthernet (External) adapter and select Properties.
e. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
f. From the top right, select Answer Questions.
g. Answer Question 1.
h. From the TCP/IPv4 Properties page, select OK.
2. Configure the external vEthernet network adapter.
a. Select Internet Protocol Version 6 (TCP/IPv6) and then select Properties.
b. Select Use the following IPv6 address and configure the settings as follows:
IPv6 address: 2620:14F0:45EA:0001:192:168:0:10
Subnet prefix length: 64
c. Select OK.
d. Select Close.
3. Verify the IPv6 address.
a. Right-click Start and select Windows PowerShell (Admin) to verify the
address configuration.
b. At the prompt, type ipconfig /all and press Enter to view the IPv6 address.
c. From the Lab Questions window, select Score Lab.
Move the network cable from the onboard adapter in the CorpServer to the 4 port NIC in
CorpServer.
Connect network cables from the 4 port NIC on CorpServer to switch ports 19, 20, and 22.
Configure the adapter ports as members of a NIC team using the following parameters:
o Team name: NetTeam
o Configure Ethernet 3 through Ethernet 6 as members of the team.
o Teaming mode: LACP
o Load balancing mode: Address Hash
o Standby adapter: None (all adapters Active)
Configure the Hyper-V Virtual Switch Manager to use the new NIC team for the External
network, using the Microsoft Network Adapter Multiplexor Driver.
Verify the status of the team and your network connection in Network and Sharing Center.
Lab Report
Time Spent: 17:42
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Connect the 4 port NIC to the switchHide Details
Connect Network Port 1 to the Switch (Ports 19 - 22)
Connect Network Port 2 to the Switch (Ports 19 - 22)
Connect Network Port 3 to the Switch (Ports 19 - 22)
Connect Network Port 4 to the Switch (Ports 19 - 22)
Create the NIC teamHide Details
Team name: NetTeam
Add all four ports to the team
Ethernet 3
Ethernet 4
Ethernet 5
Ethernet 6
Standby adapter: None
Teaming Mode: LACP
Load balancing mode: Address Hash
Configure the External network to use NetTeam
EXPLANATION
Complete this lab as follows:
1. Move the network cable from the onboard adapter in CorpServer to the 4 port NIC in
CorpServer.
a. Above the rack, select Back to switch to the back view of the rack.
b. Drag the network cable from the onboard network adapter on CorpServer
(the 1U server) to a free port on the 4 port NIC in CorpServer.
c. Above the rack, select Front to switch to the front view of the rack.
d. In the Selected Component window, verify that the other end of the network
cable is connect to port 21 on the switch.
2. Connect network cables from the 4 port NIC on CorpServer, to switch ports 19, 20, and
22.
4. Configure the Hyper-V Virtual Switch Manager to use the new NIC team for the External
network.
a. From Server Manager's menu bar, select Tools > Hyper-V Manager.
b. Right-click CORPSERVER and then select Virtual Switch Manager.
c. In the left panel, under Virtual Switches, select the External switch for
configuration options.
d. Under Connection type, use the External network drop-down to select
the Microsoft Network Adapter Multiplexor Driver.
e. Select OK.
5. Verify the status of the team and your network connection using the Network and
Sharing Center.
a. From the system tray, right-click on the network icon and then select Open
Network and Sharing Center.
b. Verify that the NetTeam NIC has an internet connection. Also notice that the
network icon in the system tray shows that the server is connected.
Configure the IPv4 settings for the Ethernet network card to use the following DNS server
addresses:
o Preferred DNS server: 208.67.222.222
o First alternate DNS server: 208.67.222.220
o Second alternate DNS server: 208.67.220.123
o Validate the static DNS server information.
Lab Report
Time Spent: 07:22
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Use static DNS server addresses
Add 208.67.222.222 as a DNS server
Add 208.67.222.220 as a DNS server
Add 208.67.220.123 as a DNS server
Configure DNS server addresses in the required order
EXPLANATION
While completing this lab, use the following DNS information:
Create a primary forward lookup zone on CorpDC using the following parameters:
o Deselect Store the zone in Active Directory.
o Use acct.CorpNet.local as the zone name.
o Use the default name for the zone file.
o Do not allow dynamic updates.
o Allow zone transfers to any server.
Create a secondary forward lookup zone called acct.CorpNet.local on CorpDC3.
o Specify 192.168.0.11 or CorpDC.CorpNet.Local as the master DNS server for the
zone.
Lab Report
Time Spent: 10:21
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Create the acct.CorpNet.local primary forward lookup DNS zone on CorpDCHide Details
Zone name: acct.CorpNet.local
Zone type: Primary
Deselect Store the zone in Active Directory
Select Do not allow dynamic updates
Allow zone transfers to any server
Create the acct.CorpNet.local secondary zone on CorpDC3Hide Details
Zone name: acct.CorpNet.local
Zone type: Secondary
Configure CorpDC (192.168.0.11) as the master server for the zone
EXPLANATION
Complete this lab as follows:
Create an IPv4 Active Directory-integrated primary reverse lookup zone for subnet
192.168.0.0/24. Be sure to accept the default replication and dynamic update settings.
Create A records and PTR records under CorpNet.local for the following hosts:
CorpFiles1
192.168.0.12
6
CorpFiles1
192.168.0.13
2
CorpDHCP 192.168.0.14
CorpWeb 192.168.0.15
If you create the A records before creating the reverse lookup zone, the PTR records will not be
created automatically.
Lab Report
Time Spent: 06:30
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Create a reverse lookup zone for the 192.168.0 subnet
Create A and PTR records for CorpServer.CorpNet.localHide Details
Create the CorpServer A record using 192.168.0.10
PTR record created for CorpServer
Create A and PTR records for CorpFiles16.CorpNet.localHide Details
Create the CorpFiles16 A record using 192.168.0.12
PTR record created for CorpFiles16
Create A and PTR records for CorpFiles12.CorpNet.localHide Details
Create the CorpFiles12 A record using 192.168.0.13
PTR record created for CorpFiles12
Create A and PTR records for CorpDHCP.CorpNet.localHide Details
Create the CorpDHCP A record using 192.168.0.14
PTR record created for CorpDHCP
Create A and PTR records for CorpWeb.CorpNet.localHide Details
Create the CorpWeb A record using 192.168.0.15
PTR record created for CorpWeb
EXPLANATION
While completing this lab, use the following information:
Host
IP Address
Name
CorpServer 192.168.0.10
CorpFiles16 192.168.0.12
CorpFiles12 192.168.0.13
CorpDHCP 192.168.0.14
CorpWeb 192.168.0.15
http://sales.private
http://intranet.sales.private
http://www.sales.private
You have already created the sales.private forward lookup zone on the CorpDC server.
Allow connections to the web server by creating the following ALIAS (CNAME) records in the
zone using the following information:
intranet CorpWeb.CorpNet.local
www CorpWeb.CorpNet.local
When creating ALIAS records, use CorpWeb.CorpNet.local as the fully qualified domain name.
Lab Report
Time Spent: 04:11
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Create the ALIAS (CNAME) record with a blank name pointing to CorpWeb.CorpNet.localHide
Details
Make sure the record type is Alias (CNAME)
Leave the name blank
Use CorpWeb.CorpNet.local as the target host
Create the intranet ALIAS (CNAME) record pointed to CorpWeb.CorpNet.localHide Details
Make sure the record type is Alias (CNAME)
Use intranet as the record name
Use CorpWeb.CorpNet.local as the target host
Create the www ALIAS (CNAME) record pointed to CorpWeb.CorpNet.localHide Details
Make sure the record type is Alias (CNAME)
Use www as the record name
Use CorpWeb.CorpNet.local as the target host
EXPLANATION
Complete this lab as follows:
Lab Report
Time Spent: 03:18
Score: 3/3 (100%)
TASK SUMMARY
Lab Questions
Q1While testing connectivity, which ping commands were successful, if any?
Your answer:ping 192.168.0.15
Correct answer:ping 192.168.0.15
Create an A record for CorpWeb using 192.168.0.15
Q2After implementing your fix, which ping commands were successful?
Your answer:ping CorpWeb.CorpNet.local,ping 192.168.0.15
Correct answer:ping CorpWeb.CorpNet.local, ping 192.168.0.15
EXPLANATION
Complete this lab as follows:
In this lab, your task is to configure the DNS service on CorpDC using the following settings:
Forward name resolution requests outside of the CorpNet.xyz domain to the following ISP
DNS servers:
o 163.128.80.93
o 163.128.78.93
Use root hints for requests if the ISP DNS servers are unavailable.
Lab Report
Time Spent: 02:57
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Configure CorpDC to use 163.128.80.93 as a forwarder
Configure CorpDC to use 163.128.78.93 as a forwarder
Use root hints if the forwarding server is unavailable
EXPLANATION
Complete this lab as follows:
CAMPUSDC1 is a Windows Server 2022 server that holds the primary copy of the PartnerNet.xyz
domain. The server is in a screened subnet, or demilitarized zone (DMZ), and provides name
resolution for the domain for internet hosts.
The partner company wants to prevent CAMPUSDC1 from performing name resolution requests for
domains other than the PartnerNet.xyz domain. In other words, they do not want internet hosts to be
able to obtain name resolution from CAMPUSDC1 for domains outside the company.
Lab Report
Time Spent: 04:21
Score: 5/5 (100%)
TASK SUMMARY
Required Actions & Questions
Q1How many root hints are being shown
Your answer:13
Correct answer:13
Create the root zone named . (a dot to represent the root zone)
Create the root zone as a primary zone
Do not allow dynamic updates
Q2Regarding root hints, select the answer that best matched the results of your new zone
Your answer:All of the root hints have been eliminated.
Correct answer:All of the root hints have been eliminated.
EXPLANATION
Complete this lab as follows:
You also need to create an Active Directory–integrated zone to store the zone data in Active
Directory. Using an Active Directory–integrated zone lets you use a multi-master approach to storing
zone data. These types of zones also support secure dynamic DNS updates. You can only create
Active Directory–integrated zones on DNS servers that are domain controllers.
Create a forward lookup zone on the CorpDC DNS server using the following guidelines:
o Zone type: Primary (stored in Active Directory)
o Replicate data: To all DNS servers in the CorpNet.local forest
o Zone name: mrktg.private
o Dynamic update type: Allow only secure dynamic updates
Lab Report
Time Spent: 01:59
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Configure the mrktg.private zone as a primary zone
Replicate data with all domain controllers in the domain
Create the mrktg.private forward lookup zone
Allow only secure dynamic updates
Configure the mrktg.private zone as an Active Directory-integrated zone
EXPLANATION
Complete this lab as follows:
The zone must exist on a domain controller before it can be converted to an Active Directory-
integrated zone.
Lab Report
Time Spent: 02:31
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Convert the sales.private zone to an Active Directory-integrated zone
Replicate zone data with all DNS servers in the domain
EXPLANATION
Complete this lab as follows:
1. Connect to the CorpDC virtual server.
a. In Hyper-V Manager, select CORPSERVER.
b. Double-click CorpDC to connect to this server.
c. Maximize the window for better viewing.
2. Convert the sales.private zone to an Active Directory-integrated zone.
a. In Server Manager, select Tools > DNS.
b. Maximize the window for better viewing.
c. Expand CORPDC > Forward Lookup Zones.
d. Right-click sales.private and select Properties.
e. For Type, select Change.
f. Make sure that Primary zone is selected.
g. Select Store the zone in Active Directory and then select OK.
h. Select Yes to confirm Active Directory integration.
3. Change the replication scope to store data on all DNS servers in the domain.
a. For Replication, select Change.
b. Select To all DNS servers in this domain, and then select OK.
c. Select Yes to confirm your changes.
d. Select OK to close the Properties window.
Use nslookup to query the DNS for the CorpWeb server using its fully qualified domain name
(CorpWeb.CorpNet.xyz).
o What are your results?
Use nslookup to query the CorpDC3 DNS server for CorpWeb. Use the fully qualified domain
name for both CorpDC3 and CorpWeb.
o What are your results?
o What is the problem?
o How would you resolve this problem?
o How would you verify that the problem has been fixed?
Lab Report
Time Spent: 11:25
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Run nslookup on CorpWeb.CorpNet.xyz
Explore DNS with nslookup
EXPLANATION
Complete this lab as follows:
1. Use nslookup to query the DNS for the CorpWeb server using its fully qualified domain
name.
a. Right-click Start and select Windows PowerShell (Admin).
b. At the PowerShell prompt, type nslookup CorpWeb.CorpNet.xyz and
press Enter.
The CorpDC DNS server responds with the name resolution information for
CorpWeb.
2. Use nslookup to query the CorpDC3 DNS server for CorpWeb.
a. Type nslookup CorpWeb.CorpNet.xyz CorpDC3.CorpNet.local and
press Enter.
The CorpDC3 DNS server responds that it can't find CorpWeb. CorpDC3 does
not have a DNS record for CorpWeb.
3. Answer the following questions:
How would you verify that the problem has been fixed?
After implementing the above solution, you could verify that the problem was fixed by
repeating step 2. The CorpDC3 DNS server should respond with name resolution
information for CorpWeb.
In this lab, your task is to use DNSSEC to sign the PartnerCorp.xyz zone as follows:
Lab Report
Time Spent: 14:24
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Make CampusDC1 the Key MasterHide Details
Zone is Signed
Enable Trust Anchors
Add a Key Signing KeyHide Details
Key Length: 1024
Rollover Frequency: 730
Add a Zone Signing KeyHide Details
Key Length: 1024
Rollover Frequency: 730
Configure NSEC3 - Random salt of length 8
Enable the distribution of trust anchors
Configure Signing and Polling ParametersHide Details
DS Record TTL: 4800
DNSKey Record TTL: 4800
EXPLANATION
Complete this lab as follows:
For security reasons, you plan to install a read-only domain controller in the new location.
In this lab, your task is to pre-create the RODC account in Active Directory as follows:
Create a global security group named Branch3-RODC Admins in the Users container.
Members of this group will be able to manage the read-only domain controller at the new
location.
Create the following RODC account in the Domain Controllers OU:
o Name: Branch3-RODC
o Specify your current credentials to complete the installation.
o Add the account to the Main-Site site.
o Make the domain controller a global catalog server and DNS server.
o Identify the Branch3-RODC Admins group to manage the read-only domain
controller.
Lab Report
Time Spent: 04:35
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create the RODC administrator group
Create the Branch3-RODC accountHide Details
Create the RODC account
Add the RODC account to Main-Site
Make the RODC a global catalog server
Make the RODC a DNS server
Allow the Branch3-RODC Admins group to manage the RODC
EXPLANATION
Complete this lab as follows:
All members of the Sales team could use either the Branch3 or the Branch4 location.
Only members of the Research-Dev team should use the Branch4 location.
Mark Woods, a member of the Accounting department, will travel to both branches when
performing audits.
In this lab, your task is to configure the password replication policy for Branch3-RODC and Branch4-
RODC to cache only the necessary passwords using the following parameters:
Edit the Allowed RODC Password Replication Group group in the Users container. Add the
following as members of the group:
o Sales group
o Mark Woods user account
o To allow caching of computer account passwords, add:
All computer accounts in the Sales OU (Sales1 through Sales5).
The Acct2 computer account from the Accounting OU.
Edit the properties for the Branch4-RODC account. Configure the password replication policy
as follows:
o Remove the group Allowed RODC Password Replication Group.
o Add the group Allowed RODC Password Replication Group to the policy again,
but with Deny permissions.
o Add the Research-Dev group with Allow permissions.
o Add the Mark Woods user account with Allow permissions.
o Add the following computer accounts with Allow permissions to allow caching of
computer account passwords:
From the Research OU: ResM1, ResM2, and ResM3
From the Accounting OU: Acct2
Lab Report
Time Spent: 08:07
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Add members to the Allowed RODC Password Replication GroupHide Details
Add the Sales group as a member
Add Mark Woods as a member
Add the Acct2 computer account as a member
Add all computer accounts in the Sales OU as members (Sales1 through Sales5)
Modify the password replication policy for Branch4-RODCHide Details
Deny the Allowed RODC Password Replication Group
Allow the Mark Woods account
Allow the Research-Dev group
Allow the Acct2 account
Allow the ResM1, ResM2, and ResM3 accounts
EXPLANATION
Complete this lab as follows:
Lab Report
Time Spent: 12:25
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Transfer the RID master to CorpDC3
Transfer the PDC master to CorpDC3
EXPLANATION
Complete this lab as follows:
This means that CorpDC will only host the infrastructure master role.
Remove the global catalog from CorpDC.
This is required because you will create additional domains in the forest, and you want to
follow Microsoft's recommendation not to place the infrastructure master on a global catalog
server.
Lab Report
Time Spent: 01:27
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Transfer the domain naming master role to CorpDC4
Remove the global catalog from CorpDC
EXPLANATION
Complete this lab as follows:
Domain
Current Role(s)
Controller
CorpDC2 None
PDC emulator
CorpDC3
RID master
Identify the operations master role that could cause the symptoms explained in the scenario.
Transfer the correct operations master roles to the CorpDC2 domain controller.
Lab Report
Time Spent: 00:44
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Transfer the RID master to CorpDC2 based on the symptoms
Transfer the PDC emulator to follow Microsoft's recommendations
EXPLANATION
Complete this lab as follows:
In this lab, your task is to designate CorpDC2 and CorpDC3 as global catalog servers.
Lab Report
Time Spent: 01:06
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Designate CorpDC2 as a global catalog server
Designate CorpDC3 as a global catalog server
EXPLANATION
Complete this lab as follows:
In this lab, your task is to enable universal group membership caching in the branch office.
You can perform this task from any of the writeable domain controllers in the network (CorpDC or
CorpDC2).
Lab Report
Time Spent: 01:26
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Enable Universal group membership caching for the Branch2-Site site
EXPLANATION
Complete this lab as follows:
Your company works closely with another company. Their network has a single domain named
PartnerCorp.xyz.
You need to let users in both forests access resources in both forests using the minimum number of
trusts. Forest root trusts are transitive, meaning that the trust allows access to all child domains
within the forest.
In this lab, your task is to create a forest root trust between the CorpNet.local and PartnerCorp.xyz
forests.
Lab Report
Time Spent: 09:50
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create a trust from Corpnet.local to PartnerCorp.xyzHide Details
Create the trust to the PartnerCorp.xyz domain
Create a forest trust
Create a two-way trust
Use forest-wide authentication
Use Trust@urF@r3st for the password
Create a trust from PartnerCorp.xyz to Corpnet.localHide Details
Create the trust to the Corpnet.local domain
Create a forest trust
Create a two-way trust
Use forest-wide authentication
Use Trust@urF@r3st for the password
EXPLANATION
Complete this lab as follows:
1. Create the trust from CorpNet.local to PartnerCorp.xyz.
a. From Server Manager, select Tools > Active Directory Domains and Trusts.
b. Right-click CorpNet.local and select Properties.
c. Select the Trusts tab.
d. Select New Trust.
e. Select Next to start the wizard.
f. Enter PartnerCorp.xyz as the target domain and then select Next.
g. Select Forest trust and then select Next.
h. Make sure Two-way is selected as the direction for the trust and then
select Next.
i. Make sure This domain only is selected and then select Next.
j. Make sure Forest-wide authentication is selected and then select Next.
k. In the Trust password field, enter Trust@urF@r3st as the password.
l. In the Confirm trust password field, enter Trust@urF@r3st and then
select Next.
m. Select Next to create the trust.
n. Select Next to verify the trusts.
o. Select Next to use No, do not confirm the outgoing trust.
p. Select Next to use No, do not confirm the incoming trust.
q. Select Finish.
r. Select OK.
2. Create the trust from PartnerCorp.xyz to CorpNet.local.
a. From the top left, select Domains.
b. Under PartnerCorp.xyz, select CampusDC1.
c. From Server Manager, select Tools > Active Directory Domains and Trusts.
d. Right-click the PartnerCorp.xyz and select Properties.
e. Select the Trusts tab.
f. Select New Trust.
g. Select Next to start the wizard.
h. Enter CorpNet.local as the target domain and then select Next.
i. Select Forest trust and then select Next.
j. Make sure Two-way is selected as the direction for the trust and then
select Next.
k. Make sure This domain only is selected and then select Next.
l. Make sure Forest-wide authentication is selected and then select Next.
m. In the Trust password field, enter Trust@urF@r3st as the password.
n. In the Confirm trust password field, enter Trust@urF@r3st and then
select Next.
o. Select Next to create the trust.
p. Select Next to verify the trusts.
q. Select Yes, confirm the outgoing trust, and then select Next.
r. Select Yes, confirm the incoming trust, and then select Next.
s. Select Finish.
t. Select OK.
Management has decided that the full cross-forest trust you created is too much of a security risk.
However, the board of directors for PartnerNet still needs access to financial resources that are in
the Branch1.CorpNet.local domain.
Only the members of the Directors group should be allowed to access the domain. Other users at
PartnerNet should not be able to access Branch1.CorpNet.local, and users in CorpNet should not be
able to access the PartnerCorp.xyz domain.
In this lab, your task is to create trust relationship(s) with the CorpNet network to meet the
requirements specified in the scenario above.
You are currently working at CampusServer1, which is a Hyper-V host. Domain controllers
for the PartnerCorp.xyz domain run as guests on this server.
Create both sides of the trust.
As necessary, use the following usernames and passwords to connect to the destination
domain:
Any additional configuration required in the CorpNet.local forest beyond creating the trust
relationship will be performed by administrators in their respective domains.
Lab Report
Time Spent: 03:39
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the trust to the Branch1.CorpNet.local domain
Create an external trust
Create an incoming trust
Create the trust in the target domain
Configure selective authentication in the target domain
EXPLANATION
Complete this lab as follows:
CorpNet.local
Branch1.CorpNet.local
Branch2.CorpNet.local
Domain Password
Branch1.CorpNet.local 2ManyP@ssw0rds
Branch2.CorpNet.local goingFISHing@5
Lab Report
Time Spent: 02:48
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create a shortcut trust from Branch1.CorpNet.local to Branch2.CorpNet.localHide Details
Create the trust to the Branch2.CorpNet.local domain
Create a shortcut trust
Create a two-way trust
Confirm the outgoing trust
Create a shortcut trust from Branch2.CorpNet.local to Branch1.CorpNet.localHide Details
Create the trust to the Branch1.CorpNet.local domain
Create a shortcut trust
Create a two-way trust
Confirm the incoming trust
EXPLANATION
Complete this lab as follows:
CorpDC
CorpDC2 192.168.0.0/24
Main-Site
CorpDC3 192.168.10.0/24
CorpDC4
BranchDC
Branch1-Site 192.168.20.0/24
1
BranchDC
Branch2-Site 192.168.30.0/24
2
Lab Report
Time Spent: 10:05
Score: 8/8 (100%)
TASK SUMMARY
Required Actions
Rename the Default-First-Site-Name site
Create the Main-Site siteHide Details
Create the site
Leave CorpDC in the Main-Site
Leave CorpDC2 in the Main-Site
Leave CorpDC3 in the Main-Site
Leave CorpDC4 in the Main-Site
Create the Branch1-Site siteHide Details
Create the site
Place BranchDC1 into the site
Create the Branch2-Site siteHide Details
Create the site
Place BranchDC2 into the site
Create the 192.168.0.0/24 subnetHide Details
Create the subnet
Link the subnet to Main-Site
Create the 192.168.10.0/24 subnetHide Details
Create the subnet
Link the subnet to Main-Site
Create the 192.168.20.0/24 subnetHide Details
Create the subnet
Link the subnet to Branch1-Site
Create the 192.168.30.0/24 subnetHide Details
Create the subnet
Link the subnet to Branch2-Site
EXPLANATION
While completing this lab, use the following information:
Branch1-
BranchDC1 192.168.20.0/24
Site
Branch2-
BranchDC2 192.168.30.0/24
Site
Delete the Default-First-Site-Name site or rename it as one of the three sites in the table.
Create and configure three sites and subnets as follows:
Campus1-Main-Site
Campus1-Campus2
Campus2-Site
Campus1-Main-Site
Campus1-Campus3
Campus3-Site
Campus2-Site
Campus2-Campus3
Campus3-Site
Lab Report
Time Spent: 16:08
Score: 11/11 (100%)
TASK SUMMARY
Required Actions
Create the Campus1-Main-Site siteHide Details
Create the site
Place CampusDC1 into the site
Place CampusDC4 into the site
Create the Campus2-Site siteHide Details
Create the site
Place CampusDC2 into the site
Create the Campus3-Site siteHide Details
Create the site
Place CampusDC3 into the site
Create the 10.10.10.0/24 subnetHide Details
Create the subnet
Link the subnet to Campus1-Main-Site
Create the 10.10.20.0/24 subnetHide Details
Create the subnet
Link the subnet to Campus2-Site
Create the 10.10.30.0/24 subnetHide Details
Create the subnet
Link the subnet to Campus3-Site
Create the Campus1-Campus2 site linkHide Details
Add Campus1-Main-Site to the site link
Add Campus2-Site to the site link
Do not add Campus3-Site to the site link
Create the Campus2-Campus3 site linkHide Details
Add Campus2-Site to the site link
Add Campus3-Site to the site link
Do not add Campus1-Main-Site to the site link
Create the Campus1-Campus3 site linkHide Details
Add Campus1-Main-Site to the site link
Add Campus3-Site to the site link
Do not add Campus2-Site to the site link
Delete or rename the Default-First-Site-Name site
Delete or rename the DEFAULTIPSITELINK site link
EXPLANATION
While completing this lab, use the following information:
CampusDC1
Campus1-Main-Site 10.10.10.0/24
CampusDC4
Campus1-Main-Site
Campus1-Campus2
Campus2-Site
Campus1-Main-Site
Campus1-Campus3
Campus3-Site
Campus2-Site
Campus2-Campus3
Campus3-Site
Lab Report
Time Spent: 02:29
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Configure intrasite replication to occur 4 times per hour every hour of every day
EXPLANATION
Complete this lab as follows:
You need to customize Active Directory replication to accomplish the following goals:
Replication between the Campus2 and Campus3 sites should use the 20 Mbps line only if
one of the links to the Campus1 site is unavailable. In other words, Active Directory
replication should use the site links from Campus3 to Campus1 and from Campus1 to
Campus2.
To reduce WAN traffic on the link, replication between Campus1 and Campus2 should only
occur during the hours of 8:00 p.m. and 6:00 a.m. Monday through Friday. Replication is
allowed during all hours on the weekend.
Replication from Campus1 to Campus2, and from Campus1 to Campus3 should occur once
per hour during the hours that replication is allowed.
Replication between sites originating from the Campus1 site should only use CampusDC1.
CampusDC4 should not be used for inter-site replication.
Lab Report
Time Spent: 05:54
Score: 10/10 (100%)
TASK SUMMARY
Required Actions
Accounting OUHide Details
Create the Accounting OU
Prevent accidental deletion of the Accounting OU
Admins OUHide Details
Create the Admins OU
Prevent accidental deletion of the Admins OU
Marketing OUHide Details
Create the Marketing OU
Prevent accidental deletion of the Marketing OU
Research-Dev OUHide Details
Create the Research-Dev OU
Prevent accidental deletion of the Research-Dev OU
Sales OUHide Details
Create the Sales OU
Prevent accidental deletion of the Sales OU
Servers OUHide Details
Create the Servers OU
Prevent accidental deletion of the Servers OU
Sales\SalesManagers OUHide Details
Create the Sales\SalesManagers OU
Prevent accidental deletion of the Sales\SalesManagers OU
Sales\TempSales OUHide Details
Create the Sales\TempSales OU
Prevent accidental deletion of the Sales\TempSales OU
Support OUHide Details
Create the Support OU
Prevent accidental deletion of the Support OU
Workstations OUHide Details
Create the Workstations OU
Prevent accidental deletion of the Workstations OU
EXPLANATION
While completing this lab, use the following information:
Create the following domain OUs:
o Accounting
o Admins
o Marketing
o Research-Dev
o Sales
o Servers
o Support
o Workstations
Within the Sales OU, create the following OUs:
o SalesManagers
o TempSales
While creating the structure, you added an OU named Workstations in each of the departmental
OUs. After further thought, you decide to use one Workstations OU for the company. As a result, you
need to delete the departmental workstation OUs.
Lab Report
Time Spent: 04:31
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Delete the Marketing\Workstations OU
Delete the Research-Dev\Workstations OU
Delete the Sales\Workstations OU
EXPLANATION
While completing this lab, use the following information:
Delete the Workstations OUs from within the:
Marketing OU
Research-Dev OU
Sales OU
Create the following computer accounts in the Workstations OU of the CorpNet.local domain:
o Sales1
o Sales2
o Sales3
o Sales4
o Sales5
Lab Report
Time Spent: 01:51
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the Sales1 computer account in the Workstations OU
Create the Sales2 computer account in the Workstations OU
Create the Sales3 computer account in the Workstations OU
Create the Sales4 computer account in the Workstations OU
Create the Sales5 computer account in the Workstations OU
EXPLANATION
While completing this lab, use the following information:
In this lab, your task is to create the following user accounts on CorpDC:
Permanent sales
Susan Smith Sales\PermSales
employee
Mark Burnes Sales manager Sales\SalesManagers
Use the following user account naming standards and specifications as you create each account:
Create the user account in the departmental OU corresponding to the employee's job role.
User account name: First name + Last name
Logon name: firstinitial + lastname with @CorpNet.local as the domain
Original password: asdf1234$ (must change after the first logon)
Configure the following for the temporary sales employee:
o Limit the logon hours to allow logon only
from 8:00 a.m. to 5:00 p.m., Monday through Friday.
o Set the user account to expire on December 31st of the current year.
Lab Report
Time Spent: 08:37
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Create the Juan Suarez accountHide Details
Create the Juan Suarez account in the Marketing\MarketingManagers OU
Set the first name, last name, and full name properties
Use jsuarez for the logon name with @CorpNet.local appended as the domain
Set the password to asdf1234$
Require a password change at next logon
Enable the account
Create the Susan Smith accountHide Details
Create the Susan Smith account in the Sales\PermSales OU
Set the first name, last name, and full name properties
Use ssmith for the logon name with @CorpNet.local appended as the domain
Set the password to asdf1234$
Require a password change at next logon
Enable the account
Create the Mark Burnes accountHide Details
Create the Mark Burnes account in the Sales\SalesManagers
Set the first name, last name, and full name properties
Use mburnes for the logon name with @CorpNet.local appended as the domain
Set the password to asdf1234$
Require a password change at next logon
Enable the account
Create the Borey Chan accountHide Details
Create the Borey Chan account in the Sales\TempSales OU
Set the first name, last name, and full name properties
Use bchan for the logon name with @CorpNet.local appended as the domain
Set the password to asdf1234$
Require a password change at next logon
Enable the account
Limit the logon hours of Borey Chan to allow logon only from 8 am to 5 pm, Monday through Friday.
Expire the Borey Chan account on December 31st
EXPLANATION
As you complete this lab, use the following information:
User Job Role Departmental OU
Permanent sales
Susan Smith Sales\PermSales
employee
g.Select Next.
h.In the Password field, enter asdf1234$.
i.In the Confirm password field, enter asdf1234$.
j.Make sure User must change password at next logon is selected and then
select Next.
k. Select Finish to create the object.
l. Repeat steps 2b–2k to create the additional users.
3. Modify user account restrictions for the temporary sales employee.
a. Right-click Borey Chan and select Properties.
b. Select the Account tab.
c. Select Logon hours.
d. From the Logon Hours dialog, select Logon Denied to clear the allowed
logon hours.
e. Select the time range of 8:00 a.m. to 5:00 p.m., Monday through Friday.
f. Select Logon Permitted to allow logon.
g. Select OK.
h. Under Account expires, select End of.
i. In the End of field, use the drop-down calendar to select 31 December of
the current year.
j. Select OK.
7.3.11 Manage User Accounts
You are the IT administrator for a small corporate network. You recently added an Active Directory
domain on the CorpDC server to manage network resources centrally. Organizational units in the
domain represent departments. User and computer accounts are in their respective departmental
OUs. Over the past few days, several personnel changes have occurred that require changes to
user accounts.
In this lab, your task is to use the following information to make the necessary user account changes
on CorpDC:
Mary Barnes from the Accounting Department has forgotten her password, and now her
account is locked.
o Unlock the account.
o Reset the password: asdf1234$
o Require a password change at the next logon.
Mark Woods has been fired from the accounting department. Disable his account.
Pat Benton is returning to the Research-Dev department from maternity leave. Her account
is disabled to prevent logon. Enable her account.
Andrea Simmons from the Research-Dev department has recently married.
o Rename the account: Andrea Socko
o Change the last name: Socko
o Change the display name: Andrea Socko
o Change the user logon and the pre-Windows 2000 user logon name: asocko
For all users in the Support OU (but not the SupportManagers OU), allow logon only to the
Support computer.
Lab Report
Time Spent: 08:58
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Unlock the Mary Barnes user accountHide Details
Unlock the account
Reset the password to asdf1234$
Require a password change at the next logon
Disable the Mark Woods user account
Enable the Pat Benton user account
Modify the Andrea Simmons user accountHide Details
Rename the account to Andrea Socko
Change the last name to Socko
Change the display name properties to Andrea Socko
Change the user logon name to asocko
Change the pre-Windows 2000 user logon name to asocko
Restrict Janice Rons and Tom Plask to use only the Support computer
EXPLANATION
Complete this lab as follows:
Create the following global security groups on the CorpDC server in their corresponding
OUs:
Accounting Accounting
Research-
Research-Dev
Dev
Sales Sales
Add all user accounts in the corresponding OUs and sub-OUs as members of the newly
created groups.
Lab Report
Time Spent: 11:46
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Create a global security group named Accounting in the Accounting OU
Add the correct employees as members of the Accounting groupHide Details
Add Mark Woods as a member of the Accounting group
Add Mary Barnes as a member of the Accounting group
Create a global security group named Research-Dev in the Research-Dev OU
Add the correct employees as members of the Research-Dev groupHide Details
Add Andrea Socko as a member of the Research-Dev group
Add Arlene Kimbly as a member of the Research-Dev group
Add Pat Benton as a member of the Research-Dev group
Add Scott Trans as a member of the Research-Dev group
Add Stella Hanson as a member of the Research-Dev group
Add Tre Julian as a member of the Research-Dev group
Add Wendy Pots as a member of the Research-Dev group
Create a global security group named Sales in the Sales OU
Add the correct employees as members of the Sales groupHide Details
Add Susan Smith as a member of the Sales group
Add Mark Burnes as a member of the Sales group
Add Borey Chan as a member of the Sales group
EXPLANATION
While completing this lab, use the following information:
OU Creation
New Group Name
Location
Accounting Accounting
Research-Dev Research-Dev
Sales Sales
Create an Active Directory group account named Managers in the Users folder.
Configure the Managers group with a domain local group scope and a distribution group
type.
Add the following user accounts as members of the Managers group:
o Juan Suarez
o Mark Burnes
o Shelly Emery
Lab Report
Time Spent: 03:46
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create the Managers domain local distribution group in the Users containerHide Details
Create the Managers group
Create a domain local group
Create a distribution group
Add the correct objects as members of the Managers distribution groupHide Details
Add Juan Suarez as a member of the Managers domain local distribution group
Add Mark Burnes as a member of the Managers domain local distribution group
Add Shelly Emery as a member of the Managers domain local distribution group
EXPLANATION
Complete this lab as follows:
You created the group and added several individual user accounts as members of the group. Now
you would like to use the group to assign permissions to company managers.
Lab Report
Time Spent: 01:42
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Change the Managers group scope to Global
Change the Managers group type to Security
EXPLANATION
Complete this lab as follows:
1. Connect to the CorpDC virtual machine.
a. From Hyper-V Manager, select CORPSERVER.
b. Double-click CorpDC to open the virtual server.
2. Configure the group named Managers.
a. From Server Manager, select Tools > Active Directory Users and
Computers.
b. Maximize the window for easier viewing.
c. In the left pane, expand CorpNet.local.
d. Select Users.
e. From the right pane, right-click Managers and select Properties.
f. Under Group scope, select Universal.
g. Select Apply. The Global option is now available for selection.
h. Select Global.
i. Under Group type, select Security.
j. Select OK to apply the changes.
In this lab, your task is to implement a group strategy that meets the above requirements on CorpDC
as follows:
Group Group
Group Name Members
Scope Type
Support Domain
Security Support group
Resources local
Lab Report
Time Spent: 07:38
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Create the Support groupHide Details
Set the group scope for Support to Global
Set the group type for Support to Security
Create the Support Resources groupHide Details
Set the group scope for Support Resources to Domain Local
Set the group type for Support Resources to Security
Add Tom Plask as a member of the Support group
Add Shelly Emery as a member of the Support group
Add Janice Rons as a member of the Support group
Add the Support group as a member of the Support Resources group
EXPLANATION
Complete this lab as follows:
PasswordAdmins – can reset passwords for any user in the domain and force password
change at next logon
ComputerAdmins – can join computers to the domain
GPOLinkAdmins – can manage GPO links for Accounting, Marketing, Research-Dev, Sales,
and Support OUs
Create the following global security groups in the Users container for each administrative
role:
o PasswordAdmins
o ComputerAdmins
o GPOLinkAdmins
Use the Delegation of Control wizard to delegate the necessary permissions at the correct
level to each group. In the wizard, use the common tasks option for delegating control.
You must run the Delegation of Control wizard at each level and for each different
administrative role. For example, to delegate permissions for the GPOLinkAdmins group, you
must run the wizard five times and select a different OU each time.
Lab Report
Time Spent: 21:24
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Create and delegate permissions to the PasswordAdmins groupHide Details
Create the group in the Users container
Create the group as a Global security group
Permission delegated to PasswordAdmins at CorpNet.local
Granted Reset user passwords and force password change at next logon permission
Create and delegate permissions to the ComputerAdmins groupHide Details
Create the group in the Users container
Create the group as a Global security group
Permission delegated to ComputerAdmins at CorpNet.local
Granted Join a computer to the domain permission
Create and delegate permissions to the GPOLinkAdmins groupHide Details
Create the group in the Users container
Create the group as a Global security group
Delegate permissions to manage GPO links for the Accounting OU
Delegate permissions to manage GPO links for the Marketing OU
Delegate permissions to manage GPO links for the Research-Dev OU
Delegate permissions to manage GPO links for the Sales OU
Delegate permissions to manage GPO links for the Support OU
EXPLANATION
While completing this lab, use the following groups:
PasswordAdmins – can reset passwords for any user in the domain and force password
change at next logon.
ComputerAdmins – can join computers to the domain.
GPOLinkAdmins – can manage GPO links for Accounting, Marketing, Research-Dev, Sales,
and Support OUs.
Lab Report
Time Spent: 06:47
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the Workstation Settings GPO
Link the GPO to the TempMarketing OU
Link the GPO to the TempSales OU
Link the GPO to the Support OU
Import the policy from C:\Templates\ws_sec.inf
EXPLANATION
While completing this lab, use the following information:
Link the Workstation Settings GPO to the following organizational units (OUs):
o Marketing > TempMarketing
o Sales > TempSales
o Support
2. Create the Workstation Settings GPO and link it to the CorpNet.local domain.
Enable the Administrative Templates central store by creating a Starter GPOs folder.
Create a starter GPO named DNS Settings.
Configure the DNS Settings policies:
o DNS Servers:
State: Enable
IP addresses: 192.168.0.11 and 192.168.10.11
(Use a space to separate the two addresses.)
o Primary DNS Suffix:
State: Enable
DNS suffix: CorpNet.local
o Register PTR Records:
State: Enabled
Option: Register
o Dynamic Update:
State: Enabled
o Turn off smart multi-home Name Resolution:
State: Enabled
(Enabling the policy turns off LLMNR.)
Create a new GPO named CommonGPO using the new starter GPO you created. Do not
link the GPO at this time.
Verify that the starter GPO settings were applied to the CommonGPO.
Lab Report
Time Spent: 45:32
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the Starter GPOs folder
Create the DNS Settings starter GPO
Configure the DNS Settings GPO policiesHide Details
DNS Servers Policy
Enabled
IP addresses: 192.168.0.11 and 192.168.10.11
Primary DNS Suffix Policy
Enabled
DNS suffix: CorpNet.local
Register PTR Records Policy
Enabled
Always register PTR records
Enable dynamic updates
Disable multicast name resolution
Create the CommonGPO GPO
Verify the CommonGPO policy settingsHide Details
DNS server settings verified
Enabled
IP addresses: 192.168.0.11 and 192.168.10.11
CorpNet.local as the primary DNS suffix verified
Enabled
DNS suffix: CorpNet.local
Always register PTR records verified
Enabled
Always register PTR records
Enable dynamic updates verified
Disable multicast name resolution verified
EXPLANATION
While completing this lab, use the following policy information:
Policy State
In this lab, your task is to edit the Default Domain Policy and configure the account policy settings as
follows:
Lab Report
Time Spent: 08:06
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Configure the password policesHide Details
Enforce password history to remember 10 passwords
Users must change passwords every 90 days
Users cannot change a new password for at least 14 days
Passwords must be at least 10 characters long
Enforce password complexity
Configure the account lockout policiesHide Details
If 5 incorrect passwords are entered, lock the account
After a failed logon attempt, lock the account for 10 minutes
Keep accounts locked for 60 minutes and then unlock the account automatically
EXPLANATION
Complete this lab as follows:
In this lab, your task is to configure the following audit policy settings in WorkstationGPO:
Audit: Shut down system immediately if unable to log security audits Enabled
Retention method for security Define: Do not overwrite events (clear log
log manually)
Success and
Account Logon: Audit Credential Validation
Failure
Success and
Account Management: Audit User Account Management
Failure
Success and
Account Management: Audit Security Group Management
Failure
Success and
Logon/Logoff: Audit Logon
Failure
Logon/Logoff: Audit Logoff Success
Success and
Policy Change: Audit Audit Policy Change
Failure
Success and
Privilege Use: Audit Sensitive Privilege Use
Failure
Success and
System: Audit System Integrity
Failure
Success and
System: Audit Security System Extension
Failure
Success and
System: Audit Security State Change
Failure
Success and
System: Audit IPsec Driver
Failure
Do not use the old audit policies located in Computer Configuration > Policies > Windows
Settings > Security Settings > Local Policies > Audit Policies.
Lab Report
Time Spent: 17:10
Score: 9/9 (100%)
TASK SUMMARY
Required Actions
Enable Audit PoliciesHide Details
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy
category settings:--Enabled
Audit: Shut down system immediately if unable to log security audits--Enabled
Enable Event Log Policy
Enable Account Logon Audit Policy
Enable Account Management Audit PoliciesHide Details
Audit User Account Management: Success and Failure
Audit Security Group Management: Success and Failure
Audit Other Account Management Events: Success and Failure
Audit Computer Account Management: Success
Enable Detailed Tracking Audit Policy
Enable Logon-Logoff Audit PoliciesHide Details
Audit Logon: Success and Failure
Audit Logoff: Success
Enable Policy Change Audit PoliciesHide Details
Audit Authentication Policy Change: Success
Audit Audit Policy Change: Success and Failure
Enable Privelege Use Audit Policy
Enable System Audit PoliciesHide Details
Audit System Integrity: Success and Failure
Audit Security System Extension: Success and Failure
Audit Security State Change: Success and Failure
Audit IPsec Driver: Success and Failure
EXPLANATION
While completing this lab, use the following WorkstationGPO settings:
Audit: Shut down system immediately if unable to log security audits Enabled
Retention method for security Define: Do not overwrite events (clear log
log manually)
In this lab, your task is to add the following groups to the associated User Rights Assignment policy,
located in the ServerGPO policy object, from the CorpDC server:
Lab Report
Time Spent: 04:35
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Configure Allow log on locally in ServerGPO
Configure Allow log on through Remote Desktop Services in ServerGPO
Configure Manage auditing and security log in ServerGPO
Configure Perform volume maintenance tasks in ServerGPO
Configure Shut down the system in ServerGPO
EXPLANATION
While completing this lab, use the following information:
Group Policy
Policy Setting
Object
Lab Report
Time Spent: 13:40
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Edit the Default Domain Policy security optionsHide Details
Disable the local guest account
Rename the local administrator account skycaptain
Do not display the last logon username
Do not allow anonymous SID/name translation
Do not allow anonymous SAM account enumeration
Do not allow anonymous SAM account and share enumeration
Edit the SupportGPO security optionsHide Details
Do not cache previous logons
Require domain controller authentication to unlock the computer
Force logoff when logon hours expire
Do not allow system shutdown without a logon
Disable the user settings in SupportGPO
EXPLANATION
While completing this lab, use the following onformation:
Group Policy
Policy Setting
Object
Default Domain
Network access: Allow anonymous SID/Name translation Disabled
Policy
In this lab, your task is to configure UAC settings in the Default Domain Policy on
CorpDC as follows:
Lab Report
Time Spent: 08:03
Score: 10/10 (100%)
TASK SUMMARY
Required Actions
Admin Approval mode for the built-in Administrator account: Enabled
Allow UIAccess applications to prompt for elevation without using the secure desktop: Disabled
Behavior of the elevation prompt for administrators in Admin Approval mode: Prompt for
credentials
Behavior of the elevation prompt for standard users: Automatically deny elevation requests
Detect application installations and prompt for elevation: Enabled
Only elevate UIAccess applications that are installed in secure locations: Enabled
Only elevate executables that are signed and validated: Disabled
Run all administrators in Admin Approval mode: Enabled
Switch to the secure desktop when prompting for elevation: Enabled
Virtualize file and registry write failures to per-user locations: Enabled
EXPLANATION
While completing this lab, use the following information when configuring the UAC settings.
Automatically deny
Behavior of the elevation prompt for standard users
elevation requests