B. Correct: This procedure accesses the Local Area Connections Properties dialog box.
C. Correct: This is an alternative method of accessing the Local Area Connections Properties dialog box.
D. Correct: Double-clicking the LAN connection opens the Local Area Connection Status dialog box. Clicking Properties accesses the Local Area Connections Properties dialog box.
3. Correct Answer: D
A. Incorrect: DNS resolves computer names to IP addresses. You are pinging the computers by their IPv4 addresses, not their computer names, and a DNS service is not required for the commands to succeed.
B. Incorrect: All computers on the same subnet must have the same subnet mask.
C. Incorrect: The subnet is isolated and no gateway is required to send traffic to other networks. You do not need to define a gateway to implement connectivity between two computers within the same subnet.
D. Correct: By default Windows Firewall blocks the Ping command. You need to enable ICMPv4 traffic at both firewalls. At an elevated command prompt on both computers, enter netsh advfirewall firewall add rule name="ICMPv4"
4. Correct Answer: B
A. Incorrect: This sets a /24 subnet mask. The question specifies a /25 subnet mask (255.255.255.128).
B. Correct: This configures a static IPv4 address 10.0.10.162 on the 10.0.10.128/25 subnet.
C. Incorrect: This specifies dynamic configuration.
D. Incorrect: The 10.0.10.128/25 subnet has an IPv4 address range 10.0.10.129 through 10.0.10.254. The IPv4 address 10.0.10.16 is not on this subnet.
5. Correct Answers: C and D
A. Incorrect: The command netsh interface ipv4 show route shows route table entries, but it does not display IPv6 routes.
B. Incorrect: The command tracert -d traces the route of an IP packet through an internetwork. It lists the path the packet took and the delays encountered at each hop. The -d flag prevents the tool from resolving IPv4 addresses to host names. The command does not display a route table.
C. Correct: The command route print displays both the IPv4 and IPv6 route tables.
D. Correct: The command netstat -r displays the same output as the route print command.
E. Incorrect: The command netstat -a displays all active connections and the TCP and UDP ports on which the computer is listening. It does not display a route table.
Lesson 2
1. Correct Answer: A
A. Correct: Typically you would use a site-local address. If every device on the subnet had a global address, you could also use global addresses, but this option is not given in the question.
B. Incorrect: If you use link-local addresses, you need to specify their interface IDs. Also, link-local addresses are not dynamically registered in Windows DDNS. It is therefore much easier to use site-local addresses and typically they are used for this purpose.
C. Incorrect: Only two special addresses exist, :: and ::1. Neither can implement IPv6 connectivity over a private network.
D. Incorrect: An anycast address is configured only on a router and cannot implement IPv6 connectivity over a private network. Also, it is not a unicast address.
2. Correct Answer: B
A. Incorrect: The address fec0:0:0:0:fffe::1 is a site-local unicast IPv6 address that identifies a node in a site or intranet. This type of address is the equivalent of an IPv4 private address (for example, 10.0.0.1), and is not globally routable and reachable on the IPv6 Internet.
B. Correct: The address 21cd:53::3ad:3f:af37:8d62 is a global unicast address. This type of address is the IPv6 equivalent of an IPv4 public unicast address and is globally routable and reachable on the IPv6 Internet.
C. Incorrect: The address fe80:d1ff:d166:7888:2fd6 is a link-local unicast IPv6 address and is autoconfigured on a local subnet. It is the equivalent of an IPv4 APIPA address (for example, 169.254.10.123), and it is not globally routable or reachable on the IPv6 Internet.
D. Incorrect: The loopback address ::1 identifies a loopback interface and is equivalent to the IPv4 loopback address 127.0.0.1. It is not globally routable or reachable on the IPv6 Internet.
3. Correct Answer: D
A. Incorrect: ARP is a broadcast-based protocol used by IPv4 to resolve IPv4 addresses to MAC addresses. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.
B. Incorrect: DNS is a service rather than a protocol. It resolves computer names to IP addresses. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.
C. Incorrect: DHCPv6 assigns stateful IPv6 configurations. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.
D. Correct: ND uses ICMPv6 messages to manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.
4. Correct Answer: A
A. Correct: This is a Teredo compatibility address. Teredo addresses start with 2001.
B. Incorrect: This is a 6to4 compatibility address. 6to4 addresses start with 2002.
C. Incorrect: This is a link-local ISATAP address. Look for 5efe followed by the hexadecimal representation of an IPv4 address, in this case 10.0.2.143.
D. Incorrect: This is a site-local IPv6 address. It is not an IPv4-to-IPv6 compatibility address.
5. Correct Answer: C
A. Incorrect: A PTR resource record performs a reverse lookup and resolves an IPv4 or IPv6 address (depending on the reverse lookup zone specified) to a host name.
B. Incorrect: An A (address) resource record resolves a host name to an IPv4 address.
C. Correct: An AAAA (quad-A) resource record resolves a host name to an IPv6 address.
D. Incorrect: A host resource record is another name for an A record. It resolves a host name to an IPv4 address.
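The IPv6 address types distinguished in questions 2 and 4 of this lesson can be checked with Python's standard ipaddress module. This is an added example, not part of the original answer key: classify_ipv6 is a hypothetical helper name, and the Teredo, 6to4 and ISATAP sample addresses are constructed (the ISATAP one embeds 10.0.2.143 as in question 4).

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")
# ISATAP interface IDs start with 0:5efe (or 200:5efe), then the IPv4 bits.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def classify_ipv6(text):
    """Return (address type, embedded IPv4 address as a string or None)."""
    addr = ipaddress.IPv6Address(text)
    value = int(addr)

    if addr.is_loopback:
        return ("loopback", None)
    if addr.is_unspecified:
        return ("unspecified", None)

    # Teredo uses the prefix 2001:0000::/32. Matching on "2001" alone is not
    # enough, because ordinary global unicast addresses can start with 2001.
    if addr.teredo is not None:
        _server, client = addr.teredo  # client IPv4 is stored bit-inverted
        return ("Teredo", str(client))

    # 6to4 uses the prefix 2002::/16 followed by the 32-bit IPv4 address.
    if addr.sixtofour is not None:
        return ("6to4", str(addr.sixtofour))

    # ISATAP: look for 5efe followed by the IPv4 address in hexadecimal.
    if ((value >> 32) & 0xFFFFFFFF) in ISATAP_MARKERS:
        ipv4 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
        scope = "link-local" if addr.is_link_local else "routable"
        return (f"ISATAP ({scope})", str(ipv4))

    if addr.is_link_local:
        return ("link-local unicast", None)
    if addr.is_site_local:
        return ("site-local unicast", None)
    if addr.is_multicast:
        return ("multicast", None)
    if addr in GLOBAL_UNICAST:
        return ("global unicast", None)
    return ("other", None)


SAMPLES = [
    "fec0:0:0:0:fffe::1",          # from question 2, option A
    "21cd:53::3ad:3f:af37:8d62",   # from question 2, option B
    "::1",                         # from question 2, option D
    "fe80::5efe:a00:28f",          # constructed ISATAP, embeds 10.0.2.143
    "2001:0:c000:201::3fff:fdd2",  # constructed Teredo, client 192.0.2.45
    "2002:c000:22d::1",            # constructed 6to4, embeds 192.0.2.45
    "2001:db8::1",                 # constructed: starts with 2001, not Teredo
]

if __name__ == "__main__":
    for sample in SAMPLES:
        kind, ipv4 = classify_ipv6(sample)
        print(f"{sample:30} {kind:22} {ipv4 or ''}")
```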
Lesson 3
1. Correct Answer: C
A. Incorrect: The user’s computer works fine in the office. There is no need to reconfigure the office network.
B. Incorrect: The order in which the user’s computer accesses networks is not the problem. The problem occurs when her computer is within range of two wireless networks and switches between them.
C. Correct: The likely cause of the reported behavior is that the lounge area of the hotel is within range of (and possibly equidistant between) two wireless networks and keeps switching between them. You can disable this feature or tell the user how to do so. You need to warn the user that if she moves to another part of the hotel, she might need to reconnect to a network.
D. Incorrect: The user’s laptop is working in the office and her hotel room. There is nothing wrong with her wireless adapter.
2. Correct Answer: A
A. Correct: The MAC address is unique to an interface and does not change. MAC ensures that only computers whose wireless interfaces have one of the listed MAC addresses can access a wireless network. Be aware that if a new computer needs to access the network, or if you replace the wireless adapter in a computer, you need to register the new MAC address in the WAP.
B. Incorrect: Most networks are configured by using DHCP, so IPv4 addresses can change. Even in networks where IPv4 addresses are statically configured, it is unlikely that the WAP supports IPv4 address control.
C. Incorrect: WEP is an encryption method that ensures that third parties cannot read messages if they intercept them. It does not determine which computers can access a network.
D. Incorrect: Like WEP, WPA is an encryption method and does not determine which computers can access a network.
3. Correct Answers: C, E, and F
A. Incorrect: The Network Diagnostic tool is not a system tool and can’t be accessed from the System Tools menu.
B. Incorrect: You run the Windows Network Diagnostic tool when you have a problem. It is not a tool that you schedule to run on a regular basis and it is not in the task scheduler library.
C. Correct: You can run the Network Diagnostic tool from the Network And Sharing Center.
D. Incorrect: You cannot access the Windows Network Diagnostic tool from the Adapter Properties dialog box. This dialog box is used for configuration, not diagnosis.
E. Correct: You can run the Windows Network Diagnostic tool when you fail to connect to a Web page.
F. Correct: You can run the Windows Network Diagnostic tool for a specific connection by accessing the Network Connections dialog box.
4. Correct Answer: B
A. Incorrect: Windows Firewall protects Don’s computer and is enabled by default. His neighbor is accessing his WAP, not his computer.
B. Correct: Don found the WAP setup easy because he accepted all the defaults and did not set up any security. He needs to change his SSID from its default value. He should also configure encryption and set up a passphrase. He should change the access password. He should consider restricting access by MAC address.
C. Incorrect: Changing the WAP channel can solve problems related to interference from mobile phones or microwave ovens (for example). It does not affect access to a network.
D. Incorrect: ICS enables other computers to obtain their IPv4 configuration from the ICS computer. Unless Don has non-wireless computers connected through a wired interface to his wireless computer, he does not need to set up ICS. Additional wireless computers obtain their configurations directly from the WAP. This has no bearing on whether his neighbor can access his network.
5. Correct Answer: D
A. Incorrect: This specifies LaserF2 as the default printer whatever floor Sam is on and whatever network he is connected to. This causes problems because Sam cannot connect to LaserF2 when he is on the third floor.
B. Incorrect: This specifies LaserF3 as the default printer whatever floor Sam is on and whatever network he is connected to. This causes problems because Sam cannot connect to LaserF3 when he is on the second floor.
C. Incorrect: This specifies LaserF3 as the default printer when Sam is on the second floor and LaserF2 as the default printer when Sam is on the third floor. This causes problems because LaserF3 is on a network that is not accessible from the second floor and LaserF2 is on a network that is not accessible from the third floor.
D. Correct: This specifies LaserF2 as the default printer when Sam is on the second floor and LaserF3 as the default printer when Sam is on the third floor, which is the required scenario.
Chapter 6: Case Scenario answers
Case Scenario 1: Implementing IPv4 Connectivity
1. Your friend needs to set up ICS on the computer that connects to his modem. He needs to ensure that the other computers on his network obtain their IPv4 configuration automatically. When he has configured ICS on the first computer, he should reboot the other two.
2. He should plug the WAP into his cable modem through its WLAN connection. He then should connect the three wired desktop computers to the Ethernet ports on the WAP and configure the WAP from one of them using its Web interface. He can connect the wireless computer to his network through Network And Sharing Center or by clicking the Wireless icon on the bottom left section of his screen.
Case Scenario 2: Implementing IPv6 Connectivity
1. Site-local IPv6 addresses are the direct equivalent of private IPv4 addresses and are routable between VLANs. However, you could also consider configuring every device on your network with an aggregatable global unicast IPv6 address. NAT and CIDR were introduced to address a lack of IPv4 address space, and this is not a problem in IPv6. You cannot use only link-local IPv6 addresses in this situation because they are not routable.
2. This is a Teredo address associated with a Teredo tunnel. It is used to implement compatibility between IPv6 and IPv4.
Case Scenario 3: Using Laptop Computers Running Windows 7 on Wireless Networks
1. Windows 7 introduces location-aware printing. The employee can use the office printer as her default printer while at Margie’s Travel and her inkjet printer as her default printer while at home. The switchover is seamless and automatic provided that both printers are designated as the default printers.
2. Windows 7 introduces the Network Printer Installation Wizard. This is easier to use than the Add Printer Wizard and users can install printers without requiring administrative privileges.
3. The employee is unfortunate because his desk is located where two wireless networks overlap. If it is impractical to move the employee’s desk, you can disable automatic switching. This solves the problem, but the employee should be advised that he would need to connect to a network manually if he moves to some other areas in the building.
Chapter 7: Lesson review answers
Lesson 1
1. Correct Answer: B
A. Incorrect: Inbound rules are used to block traffic from the network to the computer. You want to block a specific type of network traffic from the computer to the network, which necessitates the use of outbound rules.
B. Correct: Outbound rules allow you to block and allow traffic that originates on the computer from traveling out to the network. You should configure an outbound rule to block students from using FTP to upload files to sites on the Internet and an outbound rule to allow students to use SMTP to send e-mail.
C. Incorrect: Isolation rules are used to limit the hosts that a computer can communicate with to those that meet a specific set of authentication criteria. They cannot be used to block a specific outbound protocol.
D. Incorrect: Authentication exemption rules are used in conjunction with Isolation rules to allow connections to be made without requiring that authentication occur. Authentication exemption rules apply to inbound traffic rather than outbound.
2. Correct Answers: B and C
A. Incorrect: Windows Firewall does not allow you to create firewall rules for specific network locations on the basis of port address. Windows Firewall does not allow you to create rules that differentiate between the home and work network locations. You can only create rules that differentiate on the basis of home and work or public network locations.
B. Correct: You can use WFAS to create firewall rules on the basis of port address and on the basis of network location.
C. Correct: You can use the Netsh command-line utility to create WFAS rules. WFAS rules allow you to create firewall rules on the basis of port address and on the basis of network location.
D. Incorrect: Netstat is a tool used to provide information about network traffic. You cannot use Netstat to create firewall rules.
3. Correct Answer: C
A. Incorrect: The rule in the question allows traffic rather than blocks traffic.
B. Incorrect: The rule in the question applies to inbound traffic rather than outbound traffic.
C. Correct: This rule, called CustomRule, applies in the domain profile and allows inbound TCP traffic on port 80. You can create WFAS rules using Netsh in the advfirewall context.
D. Incorrect: The rule in the question is an inbound rule rather than an outbound rule.
4. Correct Answer: B
A. Incorrect: Although you can create rules based on applications using Windows Firewall, you cannot use this tool to create rules that require that incoming connections be authenticated.
B. Correct: WFAS allows you to create detailed rules that include the ability to allow incoming traffic only if it is authenticated.
C. Incorrect: Credential Manager stores authentication credentials. It cannot be used to create firewall rules that require authentication.
D. Incorrect: Authorization Manager allows you to configure roles for the delegation of administrative privileges. You cannot use Authorization Manager to create firewall rules that require authentication.
5. Correct Answers: A and D
A. Correct: You should configure Windows Firewall to notify you when it blocks a program in the Home Or Work (Private) Network Location Settings area. This ensures that you receive a message when a new program is blocked when connected to this network profile.
B. Incorrect: You should not disable the setting related to receiving a message when a new program is blocked in the Home Or Work (Private) Network Location Settings area because this means that you do not receive a message when a program is blocked.
C. Incorrect: You should not enable the setting related to receiving a message when a new program is blocked in the Public Network Location Settings area because this notifies you when a new program is blocked. The question text states that you should not be notified when this occurs.
D. Incorrect: You should disable the setting related to receiving a message when a new program is blocked in the Public Network Location Settings area because this ensures that you are not notified when a program is blocked.
Lesson 2
1. Correct Answer: C
A. Incorrect: You should not enable Remote Assistance. Remote Assistance requires that someone is logged on to the computer that you wish to manage remotely.
B. Incorrect: You should not enable the Remote Desktop: Don’t Allow Connections To This Computer option because that blocks the ability to make Remote Desktop connections.
C. Correct: You should enable the Remote Desktop: Allow Connections From Computer Running Any Version Of Remote Desktop setting because this allows you to connect to a computer running Windows 7 from a computer running Windows XP with SP2.
D. Incorrect: You should not enable the Remote Desktop: Allow Connections Only From Computers With Network Level Authentication, as clients running Windows XP with SP2 are unable to connect to clients running Windows 7 when this option is enabled. Windows XP requires SP3 and special configuration to use Network-Level Authentication.
2. Correct Answer: B
A. Incorrect: You need to configure client Beta rather than client Alpha using the WinRM Quickconfig command.
B. Correct: You need to run the command WinRM Quickconfig on client Beta before you can manage it remotely from client Alpha using Windows PowerShell. This command starts the WinRM service, configures a listener for the ports that send and receive WS-Management protocol messages, and configures firewall exceptions.
C. Incorrect: It is not necessary to create a firewall rule on client Alpha.
D. Incorrect: Although it is necessary to create a firewall rule on client Beta, it is also necessary to configure a listener for WS-Management protocol messages and to start the WinRM service. All these tasks can be accomplished by running the WinRM quickconfig command. Only one of these tasks can be accomplished by creating a firewall rule.
3. Correct Answer: B
A. Incorrect: The command nslookup Aberdeen provides the computer’s IP address but does not provide the MAC address.
B. Correct: The command winrs -r:Aberdeen ipconfig /all runs the command ipconfig /all on Aberdeen but displays the results on the computer that you are logged on to, which in this case is computer Canberra. Ipconfig /all displays a computer’s MAC address.
C. Incorrect: You should not use the command winrs -r:Canberra ipconfig /all because this displays computer Canberra’s IP address information, not the IP address information of computer Aberdeen.
D. Incorrect: The command arp -a displays information about IP addresses and MAC addresses on the same subnet but does not display MAC address information about computers on remote subnets. To use this command to determine another computer’s MAC address, you also have to know that computer’s IP address.
4. Correct Answer: B
A. Incorrect: The Windows PowerShell command icm Canberra {Get-Process} displays process information from computer Canberra, not computer Aberdeen.
B. Correct: The Windows PowerShell command icm Aberdeen {Get-Process} opens a remote Windows PowerShell session to computer Aberdeen and runs the Get-Process cmdlet, which displays process information, including listing data about CPU and memory usage.
C. Incorrect: You cannot use WinRS to invoke a Windows PowerShell cmdlet. You must use Windows PowerShell with the syntax icm remotehost {PowerShell Cmdlet} to use Windows PowerShell remotely.
D. Incorrect: You cannot use WinRS to invoke a Windows PowerShell cmdlet. You must use Windows PowerShell with the syntax icm remotehost {PowerShell Cmdlet} to use Windows PowerShell remotely. In this example, WinRS targets computer Canberra rather than computer Aberdeen.
5. Correct Answer: D
A. Incorrect: The WinRM service is required for remote use of Windows PowerShell and Remote Shell. The WinRM service is not required for Remote Assistance.
B. Incorrect: A client does not have to be configured to accept Remote Desktop sessions to use Remote Assistance, so this setting does not explain why the connection cannot be made. Clients running Windows 7 always support Network Level Authentication.
C. Incorrect: The helper does not need to log on to the target computer when participating in a Remote Assistance session, so it does not matter what groups her user account is a member of. A Remote Assistance session allows the helper to see the desktop of the currently logged-on user, so everything that is done within that session is done with the currently logged-on user’s privileges.
D. Correct: If the Remote Assistance panel is closed, it stops any possible Remote Assistance connection.
Chapter 7: Case Scenario answers
Case Scenario 1: University Client Firewalls
1. Configure a Windows Firewall rule that allows incoming Web traffic on the local subnet. This allows people at the conference to connect to the Web site but does not allow people from other networks to make similar connections.
2. You should configure a port-based outbound rule to block the file sharing program in the undergraduate computer lab. Port-based rules allow you to block specific ports and can be useful when the programs that use those ports have different identities.
3. You could create a set of firewall rules on a reference computer and export them to a USB flash device. You could then import the firewall rules on each of the other stand-alone computers in the postgraduate computer laboratory.
Case Scenario 2: Antarctic Desktop Support
1. As installing the application requires the ability to elevate privileges, you need to connect to the client running Windows 7 using Remote Desktop and log on.
2. Add the user’s account to the Remote Desktop Users group on the client running Windows 7 at the Antarctic base. If the user at the Tasmanian office is using a client running Windows XP, ensure that the settings on the client running Windows 7 in Antarctica do not require Network Level Authentication.
3. Before you can run Windows PowerShell scripts remotely against the clients running Windows 7, you need to run the WinRM Quickconfig command from an elevated command prompt on each computer.
Chapter 8: Lesson review answers
Lesson 1
1. Correct Answers: B, C, and D
A. Incorrect: You do not need to share each data folder; you can add them to a common library and then share the library using HomeGroups.
B. Correct: You should create a new library named Sci_Data, add each instrument’s separate data folder to the library, and then share it using the HomeGroup control panel.
C. Correct: You should create a new library named Sci_Data, add each instrument’s separate data folder to the library, and then share it using the HomeGroup control panel.
D. Correct: You should create a new library named Sci_Data, add each instrument’s separate data folder to the library, and then share it using the HomeGroup control panel.
2. Correct Answer: C
A. Incorrect: The Print permission allows a user to manage their documents but not the documents of others.
B. Incorrect: Users that you assign the Manage This Printer permission are able to reconfigure printer permissions. They are not able to manage the documents of other users directly, though they can assign themselves the Manage Documents permission and accomplish this task indirectly.
C. Correct: When you assign a person the Manage Documents permission, she is able to reorder any documents in the queue and cancel them.
D. Incorrect: The Power Users group is included for backward compatibility with earlier versions of Windows. Assigning a user to the Power Users group does not confer any printer permissions.
3. Correct Answers: A and B
A. Correct: You can use the net share command to view share names and the folders with which those folders are associated.
B. Correct: You can use the Computer Management console to view share names and the folders with which those shares are associated.
C. Incorrect: Libraries allows you to configure libraries. You cannot use Libraries to determine which shared folders a client running Windows 7 hosts because it is possible to host shared folders that are not libraries.
D. Incorrect: You can use Network And Sharing Center to configure sharing options, but you cannot use Network And Sharing Center to determine which shared folders a client running Windows 7 hosts.
4. Correct Answer: B
A. Incorrect: You should not assign the Read permission. If you assign this permission, users are unable to modify or delete files.