Chapter 6: Lesson Review Answers

B. Correct: This procedure accesses the Local Area Connections Properties dialog box.
C. Correct: This is an alternative method of accessing the Local Area Connections Properties dialog box.
D. Correct: Double-clicking the LAN connection opens the Local Area Connection Status dialog box. Clicking Properties accesses the Local Area Connections Properties dialog box.

3. Correct Answer: D
A. Incorrect: DNS resolves computer names to IP addresses. You are pinging the computers by their IPv4 addresses, not their computer names, and a DNS service is not required for the commands to succeed.
B. Incorrect: All computers on the same subnet must have the same subnet mask.
C. Incorrect: The subnet is isolated and no gateway is required to send traffic to other networks. You do not need to define a gateway to implement connectivity between two computers within the same subnet.
D. Correct: By default Windows Firewall blocks the Ping command. You need to enable ICMPv4 traffic at both firewalls. At an elevated command prompt on both computers, enter netsh advfirewall firewall add rule name="ICMPv4".

4. Correct Answer: B
A. Incorrect: This sets a /24 subnet mask. The question specifies a /25 subnet mask (255.255.255.128).
B. Correct: This configures a static IPv4 address 10.0.10.162 on the 10.0.10.128/25 subnet.
C. Incorrect: This specifies dynamic configuration.
D. Incorrect: The 10.0.10.128/25 subnet has an IPv4 address range 10.0.10.129 through 10.0.10.254. The IPv4 address 10.0.10.16 is not on this subnet.

5. Correct Answers: C and D
A. Incorrect: The command netsh interface ipv4 show route shows route table entries, but it does not display IPv6 routes.
B. Incorrect: The command tracert -d traces the route of an IP packet through an internetwork. It lists the path the packet took and the delays encountered at each hop. The -d flag prevents the tool from resolving IPv4 addresses to host names. The command does not display a route table.
C. Correct: The command route print displays both the IPv4 and IPv6 route tables.
D. Correct: The command netstat -r displays the same output as the route print command.
E. Incorrect: The command netstat -a displays all active connections and the TCP and UDP ports on which the computer is listening. It does not display a route table.

Lesson 2

1. Correct Answer: A
A. Correct: Typically you would use a site-local address. If every device on the subnet had a global address, you could also use global addresses, but this option is not given in the question.
B. Incorrect: If you use link-local addresses, you need to specify their interface IDs. Also, link-local addresses are not dynamically registered in Windows DDNS. It is therefore much easier to use site-local addresses and typically they are used for this purpose.
C. Incorrect: Only two special addresses exist, :: and ::1. Neither can implement IPv6 connectivity over a private network.
D. Incorrect: An anycast address is configured only on a router and cannot implement IPv6 connectivity over a private network. Also, it is not a unicast address.

2. Correct Answer: B
A. Incorrect: The address fec0:0:0:0:fffe::1 is a site-local unicast IPv6 address that identifies a node in a site or intranet. This type of address is the equivalent of an IPv6 private address (for example, 10.0.0.1), and is not globally routable and reachable on the IPv6 Internet.
B. Correct: The address 21cd:53::3ad:3f:af37:8d62 is a global unicast address. This type of address is the IPv6 equivalent of an IPv4 public unicast address and is globally routable and reachable on the IPv6 Internet.
C. Incorrect: The address fe80:d1ff:d166:7888:2fd6 is a link-local unicast IPv6 address and is autoconfigured on a local subnet. It is the equivalent of an IPv4 APIPA address (for example, 169.254.10.123), and it is not globally routable or reachable on the IPv6 Internet.
D. Incorrect: The loopback address ::1 identifies a loopback interface and is equivalent to the IPv4 loopback address 127.0.0.1. It is not globally routable or reachable on the IPv6 Internet.

3. Correct Answer: D
A. Incorrect: ARP is a broadcast-based protocol used by IPv4 to resolve IPv4 addresses to MAC addresses. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.
B. Incorrect: DNS is a service rather than a protocol. It resolves computer names to IP addresses. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.
C. Incorrect: DHCPv6 assigns stateful IPv6 configurations. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.
D. Correct: ND uses ICMPv6 messages to manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.

4. Correct Answer: A
A. Correct: This is a Teredo compatibility address. Teredo addresses start with 2001.
B. Incorrect: This is a 6to4 compatibility address. 6to4 addresses start with 2002.
C. Incorrect: This is a link-local ISATAP address. Look for 5efe followed by the hexadecimal representation of an IPv4 address, in this case 10.0.2.143.
D. Incorrect: This is a site-local IPv6 address. It is not an IPv4-to-IPv6 compatibility address.

5. Correct Answer: C
A. Incorrect: A PTR resource record performs a reverse lookup and resolves an IPv4 or IPv6 address (depending on the reverse lookup zone specified) to a host name.
B. Incorrect: An A (address) resource record resolves a host name to an IPv4 address.
C. Correct: An AAAA (quad-A) resource record resolves a host name to an IPv6 address.
D. Incorrect: A host resource record is another name for an A record. It resolves a host name to an IPv4 address.

Lesson 3

1. Correct Answer: C
A. Incorrect: The user’s computer works fine in the office. There is no need to reconfigure the office network.
B. Incorrect: The order in which the user’s computer accesses networks is not the problem. The problem occurs when her computer is within range of two wireless networks and switches between them.
C. Correct: The likely cause of the reported behavior is that the lounge area of the hotel is within range of (and possibly equidistant between) two wireless networks and keeps switching between them. You can disable this feature or tell the user how to do so. You need to warn the user that if she moves to another part of the hotel, she might need to reconnect to a network.
D. Incorrect: The user’s laptop is working in the office and her hotel room. There is nothing wrong with her wireless adapter.

2. Correct Answer: A
A. Correct: The MAC address is unique to an interface and does not change. MAC ensures that only computers whose wireless interfaces have one of the listed MAC addresses can access a wireless network. Be aware that if a new computer needs to access the network, or if you replace the wireless adapter in a computer, you need to register the new MAC address in the WAP.
B. Incorrect: Most networks are configured by using DHCP so IPv4 addresses can change. Even in networks where IPv4 addresses are statically configured, it is unlikely that the WAP supports IPv4 address control.
C. Incorrect: WEP is an encryption method that ensures that third parties cannot read messages if they intercept them. It does not determine which computers can access a network.
D. Incorrect: Like WEP, WPA is an encryption method and does not determine which computers can access a network.

3. Correct Answers: C, E, and F
A. Incorrect: The Network Diagnostic tool is not a system tool and can’t be accessed from the System Tools menu.
B. Incorrect: You run the Windows Network Diagnostic tool when you have a problem. It is not a tool that you schedule to run on a regular basis and it is not in the task scheduler library.
C. Correct: You can run the Network Diagnostic tool from the Network And Sharing Center.
D. Incorrect: You cannot access the Windows Network Diagnostic tool from the Adapter Properties dialog box. This dialog box is used for configuration, not diagnosis.
E. Correct: You can run the Windows Network Diagnostic tool when you fail to connect to a Web page.
F. Correct: You can run the Windows Network Diagnostic tool for a specific connection by accessing the Network Connections dialog box.

4. Correct Answer: B
A. Incorrect: Windows Firewall protects Don’s computer and is enabled by default. His neighbor is accessing his WAP, not his computer.
B. Correct: Don found the WAP setup easy because he accepted all the defaults and did not set up any security. He needs to change his SSID from its default value. He should also configure encryption and set up a passphrase. He should change the access password. He should consider restricting access by MAC address.
C. Incorrect: Changing the WAP channel can solve problems related to interference from mobile phones or microwave ovens (for example). It does not affect access to a network.
D. Incorrect: ICS enables other computers to obtain their IPv4 configuration from the ICS computer. Unless Don has non-wireless computers connected through a wired interface to his wireless computer, he does not need to set up ICS. Additional wireless computers obtain their configurations directly from the WAP. This has no bearing on whether his neighbor can access his network.

5. Correct Answer: D
A. Incorrect: This specifies LaserF2 as the default printer whatever floor Sam is on and whatever network he is connected to. This causes problems because Sam cannot connect to LaserF2 when he is on the third floor.
B. Incorrect: This specifies LaserF3 as the default printer whatever floor Sam is on and whatever network he is connected to. This causes problems because Sam cannot connect to LaserF3 when he is on the second floor.
C. Incorrect: This specifies LaserF3 as the default printer when Sam is on the second floor and LaserF2 as the default printer when Sam is on the third floor. This causes problems because LaserF3 is on a network that is not accessible from the second floor and LaserF2 is on a network that is not accessible from the third floor.
D. Correct: This specifies LaserF2 as the default printer when Sam is on the second floor and LaserF3 as the default printer when Sam is on the third floor, which is the required scenario.

Chapter 6: Case Scenario Answers

Case Scenario 1: Implementing IPv4 Connectivity

1. Your friend needs to set up ICS on the computer that connects to his modem. He needs to ensure that the other computers on his network obtain their IPv4 configuration automatically. When he has configured ICS on the first computer, he should reboot the other two.
2. He should plug the WAP into his cable modem through its WLAN connection. He then should connect the three wired desktop computers to the Ethernet ports on the WAP and configure the WAP from one of them using its Web interface. He can connect the wireless computer to his network through Network And Sharing Center or by clicking the Wireless icon on the bottom left section of his screen.

Case Scenario 2: Implementing IPv6 Connectivity

1. Site-local IPv6 addresses are the direct equivalent of private IPv4 addresses and are routable between VLANs. However, you could also consider configuring every device on your network with an aggregatable global unicast IPv6 address. NAT and CIDR were introduced to address a lack of IPv4 address space, and this is not a problem in IPv6. You cannot use only link-local IPv6 addresses in this situation because they are not routable.
2. This is a Teredo address associated with a Teredo tunnel. It is used to implement compatibility between IPv6 and IPv4.

Case Scenario 3: Using Laptop Computers Running Windows 7 on Wireless Networks

1. Windows 7 introduces location-aware printing. The employee can use the office printer as her default printer while at Margie’s Travel and her inkjet printer as her default printer while at home. The switchover is seamless and automatic provided that both printers are designated as the default printers.
2. Windows 7 introduces the Network Printer Installation Wizard. This is easier to use than the Add Printer Wizard and users can install printers without requiring administrative privileges.
3. The employee is unfortunate because his desk is located where two wireless networks overlap. If it is impractical to move the employee’s desk, you can disable automatic switching. This solves the problem, but the employee should be advised that he would need to connect to a network manually if he moves to some other areas in the building.

Chapter 7: Lesson Review Answers

Lesson 1

1. Correct Answer: B
A. Incorrect: Inbound rules are used to block traffic from the network to the computer. You want to block a specific type of network traffic from the computer to the network, which necessitates the use of outbound rules.
B. Correct: Outbound rules allow you to block and allow traffic that originates on the computer from traveling out to the network. You should configure an outbound rule to block students from using FTP to upload files to sites on the Internet and an outbound rule to allow students to use SMTP to send e-mail.
C. Incorrect: Isolation rules are used to limit the hosts that a computer can communicate with to those that meet a specific set of authentication criteria. They cannot be used to block an outbound specific protocol.
D. Incorrect: Authentication exemption rules are used in conjunction with Isolation rules to allow connections to be made without requiring that authentication occur. Authentication exemption rules apply to inbound traffic rather than outbound.

2. Correct Answers: B and C
A. Incorrect: Windows Firewall does not allow you to create firewall rules for specific network locations on the basis of port address. Windows Firewall does not allow you to create rules that differentiate between the home and work network locations. You can only create rules that differentiate on the basis of home and work or public network locations.
B. Correct: You can use WFAS to create firewall rules on the basis of port address and on the basis of network location.
C. Correct: You can use the Netsh command-line utility to create WFAS rules. WFAS rules allow you to create firewall rules on the basis of port address and on the basis of network location.
D. Incorrect: Netstat is a tool used to provide information about network traffic. You cannot use Netstat to create firewall rules.

3. Correct Answer: C
A. Incorrect: The rule in the question allows traffic rather than blocks traffic.
B. Incorrect: The rule in the question applies to inbound traffic rather than outbound traffic.
C. Correct: This rule, called CustomRule, applies in the domain profile and allows inbound TCP traffic on port 80. You can create WFAS rules using Netsh in the advfirewall context.
D. Incorrect: The rule in the question is an inbound rule rather than an outbound rule.

4. Correct Answer: B
A. Incorrect: Although you can create rules based on applications using Windows Firewall, you cannot use this tool to create rules that require that incoming connections be authenticated.
B. Correct: WFAS allows you to create detailed rules that include the ability to allow incoming traffic only if it is authenticated.
C. Incorrect: Credential Manager stores authentication credentials. It cannot be used to create firewall rules that require authentication.
D. Incorrect: Authorization Manager allows you to configure roles for the delegation of administrative privileges. You cannot use Authorization Manager to create firewall rules that require authentication.

5. Correct Answers: A and D
A. Correct: You should configure Windows Firewall to notify you when it blocks a program in the Home Or Work (Private) Network Location Settings area. This ensures that you receive a message when a new program is blocked when connected to this network profile.
B. Incorrect: You should not disable the setting related to receiving a message when a new program is blocked in the Home Or Work (Private) Network Location Settings area because this means that you do not receive a message when a program is blocked.
C. Incorrect: You should not enable the setting related to receiving a message when a new program is blocked in the Public Network Location Settings area because this notifies you when a new program is blocked. The question text states that you should not be notified when this occurs.
D. Incorrect: You should disable the setting related to receiving a message when a new program is blocked in the Public Network Location Settings area because this ensures that you are not notified when a program is blocked.

Lesson 2

1. Correct Answer: C
A. Incorrect: You should not enable Remote Assistance. Remote Assistance requires that someone is logged on to the computer that you wish to manage remotely.
B. Incorrect: You should not enable the Remote Desktop: Don’t Allow Connections To This Computer option because that blocks the ability to make Remote Desktop connections.
C. Correct: You should enable the Remote Desktop: Allow Connections From Computer Running Any Version Of Remote Desktop setting because this allows you to connect to a computer running Windows 7 from a computer running Windows XP with SP2.
D. Incorrect: You should not enable the Remote Desktop: Allow Connections Only From Computers With Network Level Authentication as clients running Windows XP with SP2 are unable to connect to clients running Windows 7 when this option is enabled. Windows XP requires SP3 and special configuration to use Network-Level Authentication.

2. Correct Answer: B
A. Incorrect: You need to configure client Beta rather than client Alpha using the WinRM Quickconfig command.
B. Correct: You need to run the command WinRM Quickconfig on client Beta before you can manage it remotely from client Alpha using Windows PowerShell. This command starts the WinRM service, configures a listener for the ports that send and receive WS-Management protocol messages, and configures firewall exceptions.
C. Incorrect: It is not necessary to create a firewall rule on client Alpha.
D. Incorrect: Although it is necessary to create a firewall rule on client Beta, it is also necessary to configure a listener for WS-Management protocol messages and to start the WinRM service. All these tasks can be accomplished by running the WinRM quickconfig command. Only one of these tasks can be accomplished by creating a firewall rule.

3. Correct Answer: B
A. Incorrect: The command nslookup Aberdeen provides the computer’s IP address but does not provide the MAC address.
B. Correct: The command winrs -r:Aberdeen ipconfig /all runs the command ipconfig /all on Aberdeen but displays the results on the computer that you are logged on to, which in this case is computer Canberra. Ipconfig /all displays a computer’s MAC address.
C. Incorrect: You should not use the command winrs -r:Canberra ipconfig /all because this displays computer Canberra’s IP address information, not the IP address information of computer Aberdeen.
D. Incorrect: The command arp -a displays information about IP addresses and MAC addresses on the same subnet but does not display MAC address information about computers on remote subnets. To use this command to determine another computer’s MAC address, you also have to know that computer’s IP address.

4. Correct Answer: B
A. Incorrect: The Windows PowerShell command icm Canberra {Get-Process} displays process information from computer Canberra, not computer Aberdeen.
B. Correct: The Windows PowerShell command icm Aberdeen {Get-Process} opens a remote Windows PowerShell session to computer Aberdeen and runs the Get-Process cmdlet, which displays process information, including listing data about CPU and memory usage.
C. Incorrect: You cannot use WinRS to invoke a Windows PowerShell cmdlet. You must use Windows PowerShell with the syntax icm remotehost {PowerShell Cmdlet} to use Windows PowerShell remotely.
D. Incorrect: You cannot use WinRS to invoke a Windows PowerShell cmdlet. You must use Windows PowerShell with the syntax icm remotehost {PowerShell Cmdlet} to use Windows PowerShell remotely. In this example, WinRS targets computer Canberra rather than computer Aberdeen.

5. Correct Answer: D
A. Incorrect: The WinRM service is required for remote use of Windows PowerShell and Remote Shell. The WinRM service is not required for Remote Assistance.
B. Incorrect: A client does not have to be configured to accept Remote Desktop sessions to use Remote Assistance, so this setting does not explain why the connection cannot be made. Clients running Windows 7 always support Network Level Authentication.
C. Incorrect: The helper does not need to log on to the target computer when participating in a Remote Assistance session, so it does not matter what groups her user account is a member of. A Remote Assistance session allows the helper to see the desktop of the currently logged-on user, so everything that is done within that session is done with the currently logged-on user’s privileges.
D. Correct: If the Remote Assistance panel is closed, it stops any possible Remote Assistance connection.

Chapter 7: Case Scenario Answers

Case Scenario 1: University Client Firewalls

1. Configure a Windows Firewall rule that allows incoming Web traffic on the local subnet. This allows people at the conference to connect to the Web site but does not allow people from other networks to make similar connections.
2. You should configure a port-based outbound rule to block the file sharing program in the undergraduate computer lab. Port-based rules allow you to block specific ports and can be useful when the programs that use those ports have different identities.
3. You could create a set of firewall rules on a reference computer and export them to a USB flash device. You could then import the firewall rules on each of the other stand-alone computers in the postgraduate computer laboratory.

Case Scenario 2: Antarctic Desktop Support

1. As installing the application requires the ability to elevate privileges, you need to connect to the client running Windows 7 using Remote Desktop and log on.
2. Add the user’s account to the Remote Desktop Users group on the client running Windows 7 at the Antarctic base. If the user at the Tasmanian office is using a client running Windows XP, ensure that the settings on the client running Windows 7 in Antarctica do not require Network Level Authentication.
3. Before you can run Windows PowerShell scripts remotely against the clients running Windows 7, you need to run the WinRM Quickconfig command from an elevated command prompt on each computer.

Chapter 8: Lesson Review Answers

Lesson 1

1. Correct Answers: B, C, and D
A. Incorrect: You do not need to share each data folder; you can add them to a common library and then share the library using HomeGroups.
B. Correct: You should create a new library named Sci_Data, add each instrument’s separate data folder to the library, and then share it using the HomeGroup control panel.
C. Correct: You should create a new library named Sci_Data, add each instrument’s separate data folder to the library, and then share it using the HomeGroup control panel.
D. Correct: You should create a new library named Sci_Data, add each instrument’s separate data folder to the library, and then share it using the HomeGroup control panel.

2. Correct Answer: C
A. Incorrect: The Print permission allows a user to manage their documents but not the documents of others.
B. Incorrect: Users that you assign the Manage This Printer permission are able to reconfigure printer permissions. They are not able to manage the documents of other users directly, though they can assign themselves the Manage Documents permission and accomplish this task indirectly.
C. Correct: When you assign a person the Manage Documents permission, she is able to reorder any documents in the queue and cancel them.
D. Incorrect: The Power Users group is included for backward compatibility with earlier versions of Windows. Assigning a user to the Power Users group does not confer any printer permissions.

3. Correct Answers: A and B
A. Correct: You can use the net share command to view share names and the folders with which those shares are associated.
B. Correct: You can use the Computer Management console to view share names and the folders with which those shares are associated.
C. Incorrect: Libraries allows you to configure libraries. You cannot use Libraries to determine which shared folders a client running Windows 7 hosts because it is possible to host shared folders that are not libraries.
D. Incorrect: You can use Network And Sharing Center to configure sharing options, but you cannot use Network And Sharing Center to determine which shared folders a client running Windows 7 hosts.

4. Correct Answer: B
A. Incorrect: You should not assign the Read permission. If you assign this permission, users are unable to modify or delete files.