Chapter 8 - Implement an Advanced Network Infrastructure Flashcards
1
Q
You are the administrator for your company network. You and a colleague are discussing Software Defined Networking (SDN). You know that SDN provides a method to centrally configure and manage physical and virtual network devices such as routers, switches, and gateways in your datacenter. Virtual network elements such as Hyper-V Virtual Switch, Hyper-V Network Virtualization, and RAS Gateway are designed to be integral elements of your SDN infrastructure. Software-defined networking provides which of the following capabilities?
A. The ability to centrally define and control policies that govern both physical and vir- tual networks, including traffic flow between these two network types
B. The ability to implement network policies in a consistent manner at scale, even as you deploy new workloads or move workloads across virtual or physical networks
C. The ability to abstract your applications and workloads from the underlying physical network, which is accomplished by virtualizing the network
D. All of these
A
D. SDN provides all of the listed capabilities.
2
Q
You are the administrator for your company network. You plan to deploy several Windows Server 2016 Hyper-V hosts. The deployment will use Software Defined Networking (SDN) and Virtual Extensible LAN (VXLAN). What server role should you install on the network to support the planned deployment? A. Host Guardian Service B. Remote Access C. Network Controller D. Network Policy and Access Services
A
A. The Host Guardian Service (HGS) is the centerpiece of the guarded fabric solution. It is responsible for ensuring that Hyper-V hosts in the fabric are known to the host or enterprise and running trusted software and for managing the keys used to start up shielded VMs.
3
Q
You are the administrator for your company network. By using the Network Controller server role, you implement Software Defined Networking (SDN). You have a virtual net- work named VN1 that contains servers. What should you configure if you need to ensure
that only devices from the 192.168.0.0/24 subnet can access the virtual machine in VN1?
A. Dynamic Access Control
B. Role-Based Access Control
C. Network Security Group (NSG)
D. Universal Security Group
A
A. Microsoft Dynamic Access Control (DAC) is a data governance tool in Windows Server 2016 that lets administrators control access settings. DAC uses centralized policies to let administrators review who has access to individual files. Files can be manually or automati- cally classified.
4
Q
You are the administrator for your company network. You and a colleague are discussing
NIC Teaming. Which of the following is true with regards to NIC Teaming? (Choose all that apply.)
A. It allows for traffic failover to prevent connectivity loss if a network component fails.
B. It prevents bandwidth aggregation.
C. It supports a maximum of five NICs in a team.
D. It supports a maximum of 32 NICs in a team.
A
A, D. NIC Teaming, also known as Load Balancing/Failover (LBFO), allows multiple net- work adapters to be placed into a team for the purposes of bandwidth aggregation, and/or traffic failover to maintain connectivity in the event of a network component failure.
5
Q
You are the administrator for your company network. You have an Active Directory domain that contains several Windows Server 2016 Hyper-V hosts. You plan to deploy net- work virtualization and to centrally manage Datacenter Firewall policies. What component must you install for the planned deployment?
A. The Canary Network Diagnostics feature B. The Data Center Bridging (DCB) feature C. The Network Controller server role
D. The Routing role service
A
C. Network controllers are new to Windows Server 2016. Network controllers allow an administrator to have a centralized virtual and physical datacenter infrastructure. This allows administrators to manage, configure, and troubleshoot all of their infrastructure components from one location. The Network Controller feature allows you to configure and manage allow/deny firewall Access Control rules for your workload VMs for both East/West and North/South network traffic in your datacenter.
6
Q
You are the administrator for your company network. You have a Windows Server 2016 server named Server1. What should you install if you need to configure Server1 as a multitenant RAS Gateway?
A. The Data Center Bridging feature
B. The Network Controller server role
C. The Network Policy and Access Services server role D. The Remote Access server role
A
D. To install a multitenant RAS Gateway, you must install the Remote Access server role
first. You can deploy RAS Gateway as a multitenant, software-based edge gateway and router when you are using Hyper-V Network Virtualization or you have VM networks deployed with Virtual Local Area Networks (VLANs). With the RAS Gateway, tenants can use Point-to-Site VPN connections to access their VM network resources in the datacenter from anywhere.
7
Q
You are the administrator for your company network. You create an application named App1. App1 is going to be distributed to multiple Hyper-V virtual machines in a multiten- ant environment for both virtual and non-virtual networks. What should you include in the environment if you need to ensure that the traffic is distributed evenly among the virtual machines that host App1?
A. Network Controller and Windows Server Network Load Balancing (NLB) nodes B. Network Controller and Windows Server Software Load Balancing (SLB) nodes C. A RAS Gateway and Windows Server Network Load Balancing (NLB) nodes
D. A RAS Gateway and Windows Server Software Load Balancing (SLB) nodes
A
D. Remote Access Service (RAS) Gateways are used for bridging traffic between virtual and non-virtual networks. Organizations can use Software Load Balancing (SLB) to evenly distribute network traffic between the virtual network resources.
8
Q
You are the administrator for your company network. You and a colleague are planning to set up NIC Teaming. You want to provide fault protection. What is the minimum number of Ethernet adapters you must have to take advantage of fault protection in NIC Teaming? A. 1 B. 2 C. 3 D. 4
A
B. To be able to use NIC Teaming, the computer system must have at least one Ethernet adapter. But if you want to provide fault protection, you must have a minimum of two Eth- ernet adapters.
9
Q
You are the administrator for your company network. You want to deploy the RAS Gate- way as an Edge VPN server, an Edge DirectAccess server, or both simultaneously. The RAS Gateway will provide remote employees with connectivity to your network by using either VPN or DirectAccess connections. What RAS Gateway Mode type will you be setting up? A. Dual tenant mode B. Lone tenant mode C. Multitenant mode D. Single tenant mode
A
D. In single tenant mode, the RAS Gateway is used as the exterior or Internet-facing VPN or DirectAccess edge server. Single tenant mode allows organizations of any size to deploy the gateway as an exterior, or Internet-facing edge virtual private network (VPN) and DirectAccess server. In single tenant mode, you can deploy RAS Gateway on a physical server or virtual machine running Windows Server 2016.
10
Q
You are the administrator for your company network. You have a Windows Server 2016 virtual machine named VM1 that hosts a service that requires high network throughput. VM1 has a virtual network adapter that connects to a Hyper-V switch named vSwitch1. vSwitch1 has one network adapter. The network adapter supports Remote Direct Memory Access (RMDA), the Single Root I/O Virtualization (SR-IOV) interface, Quality of Service (QoS), and Receive Side Scaling (RSS). You need to ensure that the traffic from VM1 can be processed by multiple networking processors. What Windows PowerShell cmdlet should you run in the host of VM1? A. Set-NetAdapterRss B. Set-NetAdapterRdma C. Set-NetAdapterSriov D. Set-NetAdapterQoS
A
A. The Set-NetAdapterRss cmdlet sets the RSS properties on a network adapter. RSS is a scalability technology that distributes the receive network traffic among multiple processors by hashing the header of the incoming packet.
11
Q
You are the administrator for your company network. You have a test environment that includes two Windows Server 2016 servers named Server1 and Server2. What feature should the servers support if you need to ensure that you can implement SMB Direct between the servers?
A. Multipath I/O (MPIO)
B. Remote Direct Memory Access (RDMA)
C. Single Root I/O Virtualization (SR-IOV)
D. Virtual Machine Queue (VMQ)
A
B. RDMA allows computers in a network to exchange data in main memory without involv- ing the processor, cache, or operating system of either computer. RDMA improves throughput and performance because it frees up resources and uses a faster data transfer rate and low- latency networking. It can be implemented for networking and storage applications.
12
Q
You are the administrator for your company network. You have a Windows Server 2016 server named Server1. You install the Hyper-V server role on Server1, and it has eight network adapters that are dedicated to virtual machines. The network adapters are RDMA-enabled. You plan to use SDN. You will host the virtual machines for multiple tenants on the Hyper-V host. What should you implement if you need to ensure that
the network connections for the virtual machines are resilient if one or more physical network adapters fail?
A. Single Root I/O Virtualization (SR-IOV)
B. Switch Embedded Teaming (SET)
C. NIC Teaming on the Hyper-V host
D. Virtual Receive Side Scaling (vRSS)
A
B. SET is an alternative NIC Teaming solution that you can use in environments that include Hyper-V and the SDN stack in Windows Server 2016. SET allows you to group between one and eight physical Ethernet network adapters into one or more software-based virtual network adapters. These virtual network adapters provide fast performance and fault tolerance in the event of a network adapter failure.
13
Q
You are the administrator for your company network. You have a Windows Server 2016 Hyper-V host named Server1 that has two network adapters that are RDMA-enabled. What cmdlet should you use if you need to verify whether SET is enabled?
A. Get-NetworkSwitchFeature
B. Get-VMNetworkAdapter
C. Get-VMNetworkAdapterFailoverConfiguration
D. Get-VMSwitch
A
D. The Get-VMSwitch cmdlet gets the virtual switches from a Hyper-V host. If you specify no parameters, this cmdlet returns all virtual switches from the local Hyper-V host. This will show you whether SET is enabled.
14
Q
You are the administrator for your company network. You can use Policy-based QoS to control bandwidth costs, manage traffic, or negotiate service levels with bandwidth pro- viders or business departments. QoS policies can define priority through a Differentiated Services Code Point (DSCP) value. The DSCP applies a value (0–63) within the Type of Service (TOS) field in an IPv4 packet’s header and within the Traffic Class field in IPv6. This value provides classification at the Internet Protocol (IP) level, which routers can use to decide queuing behavior. You can also limit an application’s outbound network traffic by specifying a throttle rate. The Wi-Fi Alliance has established a certification for Wireless Multimedia (WMM) that defines four access categories (WMM_AC) for priori- tizing network traffic transmitted on a wireless network. Which group should have the highest DSCP value? A. Background (BK) B. Best effort (BE) C. Video (VI) D. Voice (VO)
A
D. In order of highest to lowest priority, the access categories are: Voice (VO), Video (VI), Best Effort (BE), and Background (BK). Voice (VO) is the highest with a DSCP range of 48–63, while Background (BK) is the lowest with a range of 8–23.
15
Q
You are the administrator for your company network. Your company has 10 offices. Each office has a local network that contains several Windows Server 2016 Hyper-V hosts. All of the offices are connected by high speed, low latency WAN links. What component should you install if you need to ensure that you can use QoS policies for Live Migration traffic between the offices?
A. The Canary Network Diagnostics feature
B. The Data Center Bridging feature
C. The Multipath I/O feature
D. The Network Controller server role
E. The Routing role service
A
B. You can enable and configure network QoS with the Data Center Bridging (DCB) fea- ture. QoS can help manage network traffic by configuring rules that can detect congestion or reduced bandwidth, and then to prioritize, or throttle, traffic accordingly. You can use QoS to prioritize voice and video traffic, which is sensitive to latency. DCB provides band- width allocation to specific network traffic and helps to improve Ethernet transport reliabil- ity by using flow control based on priority.
16
Q
You are the administrator for your company network. You have a Windows Server 2016 server named Server1 that is a Hyper-V host. You have two network adapter cards on Server1 that are RDMA-capable. You need to aggregate the bandwidth of the net- work adapter cards for a virtual machine on Server1. You must ensure that the virtual machine can use the RDMA capabilities of the network adapter cards. What command should you run?
A. Add-NetLbfoTeamNic -Name Production -NetAdapterName “NIC1”, “NIC2” -EnableEmbeddedTeaming
B. Add-VmNetworkAdapter -Name Production -NetAdapterName “NIC1”, “NIC2” -EnableIov
C. New-NetLbfoTeam -Name Production -NetAdapterName “NIC1”, “NIC2” -EnablePacketDirect
D. New-VmSwitch -Name Production -NetAdapterName “NIC1”, “NIC2” -EnableEmbeddedTeaming
A
D. The New-VMSwitch command creates a new virtual switch on one or more virtual machine hosts. The -EnableEmbeddedTeaming parameter specifies whether this cmdlet enables teaming for the virtual switch.
17
Q
You are the administrator for your company network. You have decided to start using net- work controllers. What PowerShell cmdlet allows you to create a new network controller? A. New-NetworkController B. New-NetworkControllerObject C. New-NetworkControllerNodeObject D. New-NetworkControllerServerObject
A
C. The New-NetworkControllerNodeObject PowerShell cmdlet allows you to set up a new network controller. The New-NetworkControllerNodeObject cmdlet creates a net- work controller node object. This cmdlet is used for configuring a network controller for the first time.
18
Q
You are the administrator for your company network. You want to create a virtual disk that clones a local drive available on your host machine. Using Hyper-V Manager, what types of disks can you use to copy a physical disk to a virtual disk? (Choose all that apply.) A. Differencing B. Dynamically expanding C. Fixed size D. Physical or pass-through
A
B, C. Hyper-V Manager supports copying a physical disk to a virtual disk by using only dynamically expanding or fixed-size virtual hard disks. You can perform this task in the New Virtual Hard Disk Wizard. Differencing and physical disks are not available with this feature.
19
Q
You are the administrator for your company network. You and a colleague are planning to set up NIC Teaming. What is the maximum number of Ethernet adapters that you can set up in a NIC Team? A. 12 B. 24 C. 32 D. 56
A
C. One advantage of Windows Server 2016 is that an administrator can set up 32 network adapters in a NIC Team.
20
Q
You are the administrator for your company network. You and a colleague are discussing how to move virtual machines between host machines. How do you accomplish this?
A. Create a snapshot of the virtual machine and apply it to a different machine.
B. In Hyper-V, use the Export and Import Virtual Machine command.
C. In Hyper-V, use the Save command.
D. Move the virtual machine files to the target host and add them to Hyper-V.
A
B. The only supported way to move virtual machines between host machines is to use Export and Import Virtual Machine. The option to move the virtual machine files cannot be used anymore because you will lose the configuration of your virtual machines. You cannot apply a snapshot to a different host machine. The Save command is not an available option in Hyper-V.
21
Q
You are the administrator for your company network. You are planning to add a hard disk drive to a virtual machine using PowerShell. What cmdlet should you run? A. Add-VMDvdDrive B. Add-VMHardDrive C. Add-VMHardDiskDrive D. Add-VMDrive
A
C. The Add-VMHardDiskDrive cmdlet adds a hard disk drive to a virtual machine.
22
Q
You are the administrator for your company network. You and a colleague are discussing NIC Teaming. You know that NIC Teaming gives an administrator the ability to allow multiple network adapters on a system to be placed into a team. What is another name for NIC Teaming? A. Network Load Balancing (NLB) B. Load Balancing and Failover (LBFO) C. Software Load Balancing (SLB) D. High-Performance Networking (HPN)
A
B. NIC Teaming, also known as Load Balancing and Failover (LBFO), gives an administra-
tor the ability to allow multiple network adapters on a system to be placed into a team.
23
Q
You are the administrator for your company network. If you have a running cluster and need to run the Validate a Configuration Wizard, which of the following tests may require cluster resources to be taken offline? A. Inventory tests B. Network tests C. Storage tests D. System configuration tests
A
C. The storage tests require the clustered disk resource to be offline. If you need to run the storage tests, the Validate a Configuration Wizard will prompt you to make sure you want to take the resources offline.
24
Q
You are the administrator for your company network. You have two Windows Server 2016 servers named Server1 and Server2. You plan to implement Storage Replica to replicate
the contents of volumes on Server1 to Server2. What cmdlet should you run if you need
to ensure that the replication traffic between the servers is limited to a maximum of
100 Mbps?
A. New-StorageQosPolicy B. Set-NetTCPSetting
C. Set-NetUDPSetting
D. Set-SmbBandwidthLimit
A
D. The Set-SmbBandwidthLimit cmdlet adds a Server Message Block (SMB) bandwidth cap for the traffic categories that you specify. SMB bandwidth caps limit the amount of data that the server can send for each traffic category.
25
Youaretheadministratorforyourcompanynetwork.YouandacolleaguearediscussingSLB. Which of the following processes inbound network traffic and maps Virtual IPs (VIPs) to Dynamic IPs (DIPs), then forwards the traffic to the correct DIP?
A. Host Agent
B. Northbound Application Program Interfaces (API)
C. System Center Virtual Machine Manager (SCVMM)
D. SLB Multiplexer (MUX)
D. The SLB Multiplexer (MUX) processes inbound network traffic and maps Virtual IPs (VIPs) to Dynamic IPs (DIPs), then forwards the traffic to the correct DIP. Each MUX also uses Border Gateway Protocol (BGP) to publish VIP routes to edge routers. BGP Keepalive notifies MUXs when a MUX fails, which allows active MUXs to redistribute the load. This essentially provides load balancing for the load balancers.
26
You are the administrator for your company network. You have an Active Directory domain. The domain contains Windows Server 2016 Hyper-V hosts named Server1 and Server2. The Hyper-V hosts are configured to use Network Virtualization Generic Route Encapsulation (NVGRE) for network virtualization. You have six virtual machines that are connected to an external switch. The virtual machines are configured as shown here.
Virtual Machine Name Hyper-V Host IP Address Netmask GRE Key
VM1 Server1 192.168.1.16 255.255.255.0 16
VM2 Server2 192.168.1.232 255.255.255.0 32
VM3 Server3 192.168.1.32 255.255.255.0 32
VM4 Server4 192.168.1.25 255.255.255.0 25
VM5 Server5 192.168.1.116 255.255.255.0 16
VM6 Server6 192.168.1.132 255.255.255.0 32
What virtual machine or virtual machines can VM1 and VM3 connect to?
A. VM1 can connect to VM5 only and VM3 can connect to VM2 and VM6 only.
B. VM1 can connect to VM2 only and VM3 can connect to VM6 only.
C. VM1 can connect to VM2, VM3, VM5, and VM6 only and VM3 can connect to VM4, VM5, and VM6 only.
D. VM1 can connect to VM1, VM2, VM4, VM5, and VM6 only and VM3 can connect to VM6 only
A. The Generic Routing Encapsulation (GRE) keys must match. To separate the traffic between the two virtualized networks, the GRE headers on the tunneled packets include a GRE Key that provides a unique Virtual Subnet ID for each virtualized network.
27
```
You are the administrator for your company network. You are planning to install Hyper-V. One benefit with Windows Server 2016 Hyper-V is that it now includes, which allows one computer to directly access memory from the memory of another computer without the need of interfacing with either one’s operating system.
A. NIC Teaming
B. Switch Embedded Teaming (SET)
C. Remote Direct Memory Access (RDMA)
D. High-Performance Networking (HPN)
```
C. Remote Direct Memory Access (RDMA) allows one computer to directly access mem- ory from the memory of another computer without the need of interfacing with either one’s operating system. This gives systems the ability to have high throughput and low-latency networking. This is very useful when it comes to clustering systems (including Hyper-V).
28
You are the administrator for your company network. You have a Windows Server 2016 Hyper-V host named Server1 that hosts several virtual machines. Each virtual machine has two network adapters. Server1 also contains several virtual switches. On Server1, you cre- ate a NIC Team that has two network adapters. You discover that the NIC Team is set to Static Teaming mode. What cmdlet should you use if you need to modify the NIC Teaming mode to Switch Independent?
A. Set-NetLbfoTeam
B. Set-NetLbfoTeamNic C. Set-VMNetworkAdapter D. Set-VMSwitch
D. The Set-VMNetworkAdapter cmdlet configures features of the virtual network adapter in a virtual machine or the management operating system.
29
You are the administrator for your company network. You and a colleague are discussing Switch Embedded Teaming (SET). You know that there are requirements when adding members to a SET group. What is a requirement of SET?
A. All members of the SET group can be different adapter types from the same manufacturer.
B. All members of the SET group can be different adapter types from different manufacturers.
C. All members of the SET group must be identical adapter types from the same manufacturer.
D. There are no requirements to becoming a member of a SET group.
C. One of the requirements of SET is that all network adapters that are members of the SET group be identical adapters. This means that they need to be the same adapter types from the same manufacturer.
30
You are the administrator for your company network. You have a Windows Server 2016 failover cluster that contains four nodes. Each node has four network adapters. The net- work adapters on each node are configured as shown in the following table:
Network Adapter Name Cluster Network Name Link Speed
NIC1 ClusterNetwork1 1 Gbps
NIC2 ClusterNetwork2 1 Gbps
NIC3 ClusterNetwork3 1 Gbps
NIC4 ClusterNetwork4 10 Gbps
NIC4 supports Remote Direct Memory Access (RDMA) and Receive Side Scaling (RSS). The cluster networks are configured as shown in the following table:
Cluster Network Name Metric Role
ClusterNetwork1 39984 1
ClusterNetwork2 39983 1
ClusterNetwork3 79984 3
ClusterNetwork4 79840 3
What should you do if you need to ensure that ClusterNetwork4 is used for Cluster Shared Volumes (CSVs) redirected traffic?
A. Set the metric of ClusterNetwork4 to 30,000 and disable SMB Multichannel.
B. Set the metric of ClusterNetwork4 to 90,000 and disable SMB Multichannel.
C. On each server, replace NIC4 with a 1 Gbps network adapter.
D. On each server, enable RDMA on NIC4.
A. Redirected traffic will be sent to the NIC with the lowest metric, but in Server 2016 CSVs use SMB Multichannel (which enables traffic to be redirected using multiple NICs), so you also need to disable SMB Multichannel to prevent redirected traffic from being sent elsewhere on one of the other NICs.
31
```
You are the administrator for your company network. You and a colleague are discussing NIC Teaming. You know that you can set up NIC Teaming by using Server Manager or PowerShell and that different configuration models are available. If you want all the NIC adapters to be connected to the same switch, what is this configuration called?
A. Switch Dependent
B. Switch Reliant
C. Switch Independent
D. Switch Autonomous
```
A. Switch Dependent means that all NIC adapters are connected into the same switch. There are no such models as Switch Reliant or Switch Autonomous.
32
You are the administrator for your company network. Your network contains an Active Directory domain. The domain contains a Windows Server 2016 server named Server1
that has the Hyper-V server role installed. Server1 has a virtual switch named Switch1.
You replace all of the network adapters on Server1 with new network adapters that support SR-IOV. What actions should you perform if you need to enable SR-IOV for all of the virtual machines on Server1? (Choose two.)
A. Delete and then re-create the Switch1 virtual switch.
B. Modify the Advanced Features settings of the network adapter on each virtual machine.
C. Modify the BIOS settings on each virtual machine.
D. Modify the Hardware Acceleration settings of the network adapter on each virtual machine.
E. Modify the settings of the Switch1 virtual switch.
A, D. The first step when allowing a virtual machine to have connectivity to a physical network is to create an external virtual switch using Virtual Switch Manager in Hyper-V Manager. The additional step that is necessary when using SR-IOV is to ensure the check box is selected when the virtual switch is being created. Once a virtual switch has been cre- ated, the next step is to configure a virtual machine and enable the SR-IOV. At the bottom is a check box to enable SR-IOV.
33
You are the administrator for your company network. You have 10 Windows Server 2016 Hyper-V hosts. Each Hyper-V host has eight virtual machines that run a distributed web application named App1. You plan to implement a Software Load Balancing (SLB) solution for client access to App1. You deploy two new virtual machines named SLB-VM1 and SLB- VM2. What components should you install if you need to install the required components on the Hyper-V hosts and the new servers for the planned implementation? (Choose two.)
A. Install SLB Host Agent on SLB-VM1 and SLB-VM2.
B. Install Network Load Balancing (NLB) on SLB-VM1 and SLB-VM2.
C. Install SLB Multiplexer (MUX) on SLB-VM1 and SLB-VM2.
D. Install SLB Host Agent on each Hyper-V host.
E. Install SLB Multiplexer (MUX) on each Hyper-V host.
F. Install Host Guardian Service server role on each Hyper-V host.
C, D. The SLB Host Agent: When you deploy SLB, you must use System Center, Windows PowerShell, or another management application to deploy the SLB Host Agent on every Hyper-V host computer. You can install the SLB Host Agent on all versions of Windows Server 2016 that provide Hyper-V support, including Nano Server.
The SLB MUX: Part of the Software Load Balancer (SLB) on Windows Server 2016, the SLB MUX processes inbound network traffic and maps Virtual IPs (VIPs) to Datacenter IPs (DIPs), then forwards the traffic to the correct DIP. Each MUX also uses BGP to publish VIP routes to edge routers. This will need to be installed on the virtual machines (SLB- VM1 and SLB-VM2)
34
You are the administrator for your company network. You have 10 Windows Server 2016 Hyper-V hosts. Each Hyper-V host has eight virtual machines that run a distributed web application named App1. You plan to implement a Software Load Balancing (SLB) solution for client access to App1. You deploy two new virtual machines named SLB-VM1 and SLB- VM2. What components should you install if you need to install the required components on the Hyper-V hosts and the new servers for the planned implementation? (Choose two.)
A. Install SLB Host Agent on SLB-VM1 and SLB-VM2.
B. Install Network Load Balancing (NLB) on SLB-VM1 and SLB-VM2.
C. Install SLB Multiplexer (MUX) on SLB-VM1 and SLB-VM2.
D. Install SLB Host Agent on each Hyper-V host.
E. Install SLB Multiplexer (MUX) on each Hyper-V host.
F. Install Host Guardian Service server role on each Hyper-V host.
C, D. The SLB Host Agent: When you deploy SLB, you must use System Center, Windows PowerShell, or another management application to deploy the SLB Host Agent on every Hyper-V host computer. You can install the SLB Host Agent on all versions of Windows Server 2016 that provide Hyper-V support, including Nano Server.
The SLB MUX: Part of the Software Load Balancer (SLB) on Windows Server 2016, the SLB MUX processes inbound network traffic and maps Virtual IPs (VIPs) to Datacenter IPs (DIPs), then forwards the traffic to the correct DIP. Each MUX also uses BGP to publish VIP routes to edge routers. This will need to be installed on the virtual machines (SLB- VM1 and SLB-VM2).
35
```
You are the administrator for your company network. You and a colleague are discussing NIC Teaming. You know that you can set up NIC Teaming by using Server Manager or PowerShell and that different configuration models are available. If you want each NIC adapter connected into a different switch, what is this configuration called?
A. Switch Dependent
B. Switch Reliant
C. Switch Independent
D. Switch Autonomous
```
C. With Switch Independent mode, the switch or switches to which the NIC Team mem- bers are connected are unaware of the presence of the NIC Team and do not determine how to distribute network traffic to NIC Team members. Instead, the NIC Team distributes inbound network traffic across the NIC Team members. When you use Switch Independent mode, the network traffic load is distributed based on the TransportPorts address hash as modified by the Dynamic load balancing algorithm.
36
You are the administrator for your company network. You have a Windows Server 2106 virtual machine named Server1 that you plan to use as part of a Software Defined Net- working (SDN) solution. What should you install if you need to implement the Border Gateway Protocol (BGP) on Server1?
A. Peer Name Resolution Protocol (PNRP) feature
B. Network Device Enrollment Service role service
C. Network Policy and Access Services server role
D. Routing Role service
D. To use Border Gateway Protocol (BGP) routing, you must install the Remote Access Ser- vice (RAS) and/or the Routing Role service of the Remote Access server role on a computer or virtual machine (VM). BGP reduces the need for manual route configuration on routers because it is a dynamic routing protocol, and it automatically learns routes between sites that are connected by using site-to-site VPN connections.
37
You are the administrator for your company network. You have a Windows Server 2016 Hyper-V host named Server1 that has two network adaptors named NIC1 and NIC2. Server2 has two virtual switches named vSwitch1 and vSwitch2. N1C1 connects to vSwitch1. NIC2 connects to vSwitch2. Server1 hosts a virtual machine named VM1. VM1 has two network adapters named vmNIC1 and vmNIC2. vmNIC1 connects to vSwitch1 and vmNIC2 connects to vSwitch2. What should you run on VM1 if you need to create a NIC Team on VM1?
A. $var1 = "LACP" $var2 = "Dynamic"
B. $var1 = "Static" $var2 = "HyperVPort"
C. $var1 = "SwitchIndependent" $var2 = "TransportPorts"
D. $var1 = "SwitchIndependent" $var2 = "HyperVPort"
C. With Switch Independent mode, the switch or switches to which the NIC Team mem- bers are connected are unaware of the presence of the NIC Team and do not determine how to distribute network traffic to NIC Team members. Instead, the NIC Team distributes inbound network traffic across the NIC Team members. When you use Switch Independent mode, the network traffic load is distributed based on the TransportPorts address hash as modified by the Dynamic load balancing algorithm.
38
```
You are the administrator for your company network. You and a colleague are discussing enabling and configuring network QoS with DCB using PowerShell. What command will obtain the DCB Exchange settings?
A. Set-NetOosDcbxSetting
B. Get-NetQosDcbxSetting
C. Get-NetQosDcbxControl
D. Set-NetQosDcbxControl
```
B. The Get-NetQosDcbxSetting command gets Data Center Bridging Exchange (DCBX) settings. The only thing you need to configure is whether the network adapters in the com- puter that runs Windows Server 2012 or later accepts Data Center Bridging (DCB) configu- rations from the computer or from a remote device.
39
You are the administrator for your company network. You decide to implement Switch Embedded Teaming (SET). You and a colleague are discussing creating a new SET team. You must configure it so that you have member adapters and load balancing mode config- ured. Which load balancing mode ensures that outbound loads are distributed based on a hash of the TCP ports and IP addresses while also rebalancing loads in real time so that a given outbound flow can move back and forth between SET team members?
A. Dynamic
B. Dynamic Hyper-V C. Hyper-V Port
D. Outbound
A. When you create a new SET team, you must configure the member adapters and Load Balancing Mode team properties. The options for SET team Load Balancing distribution mode are Hyper-V Port and Dynamic. The options Dynamic Hyper-V and Outbound are not valid distribution modes.
The Dynamic Load Balancing Mode provides the following:
■■ Outbound—Loads are distributed based on a hash of the TCP Ports and IP addresses. Dynamic mode also re-balances loads in real time so that a given outbound flow can move back and forth between SET team members.
■■ Inbound—Loads are distributed in the same manner as the Hyper-V Port mode.
40
You are the administrator for your company network. You are discussing using Switch Embedded Teaming (SET) as an alternative to NIC Teaming. What else does SET allow you to do?
A. Allows an administrator to combine a group of physical adapters (minimum of one adapter and a maximum of eight adapters) into hardware-based virtual adapters
B. Allows an administrator to combine a group of physical adapters (minimum of one adapter and a maximum of eight adapters) into software-based virtual adapters
C. Allows an administrator to combine a group of virtual adapters (minimum of one adapter and a maximum of eight adapters) into software-based virtual adapters
D. Allows an administrator to combine a group of virtual adapters (minimum of one adapter and a maximum of eight adapters) into hardware-based virtual adapters
B. SET can be an alternative to using NIC Teaming in environments that include Hyper-V and the Software Defined Networking (SDN) stack in Windows Server 2016. SET allows an administrator to combine a group of physical adapters (minimum of one adapter and a maximum of eight adapters) into software-based virtual adapters.
41
You are the administrator for your company network. You have two Windows Server 2016 Hyper-V servers named Server1 and Server2. You want a dedicated area created on the physical network adapter for each virtual network adapter to use. What is this feature called?
A. Remote Direct Memory Access (RDMA)
B. Multipath I/O (MPIO)
C. Virtual Machine Queue (VMQ)
D. Single root I/O virtualization (SR-IOV
C. Windows Server 2016 Hyper-V includes a feature called Virtual Machine Queue (VMQ). VMQ uses packet filtering to provide data from an external virtual machine net- work directly to virtual machines. This helps reduce the overhead of routing packets from the management operating system to the virtual machine.
42
You are the administrator for your company network. You and a colleague are discussing a feature that allows a system’s network adapter to spread the network processing between multiple processor cores in systems that have a multicore processor. What is this called?
A. Receive Side Scaling (RSS)
B. Remote Direct Memory Access (RDMA) C. Switch Embedded Teaming (SET)
D. Virtual Machine Queue (VMQ)
A. Receive Side Scaling (RSS) allows a system’s network adapter to spread the network pro- cessing between multiple processor cores in systems that have a multicore processor. Due to the fact that RSS can distribute the networking load across multiple processors, the system can handle more network traffic.
43
You are the administrator for your company network. You and a colleague are discussing virtual Receive Side Scaling (vRSS). vRSS is a Windows Server 2016 feature that allows vir- tual network adapters to distribute the load across multiple virtual processors in a virtual machine. vRSS can work with many different types of technologies, including which of the following?
A. IPv4 and IPv6
B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
C. Live Migration
D. Network Virtualization using Generic Routing Encapsulation (NVGRE)
E. All of the above
E. vRSS works with many different types of technologies, including
■■ IPv4 and IPv6
■■ TCP and UDP
■■ LBFO (NIC Teaming)
■■ Live Migration
■■ Network Virtualization using Generic Routing
■■ Encapsulation (NVGRE)
44
```
You are the administrator of your company network. You and a colleague are discussing Receive Side Scaling (RSS). You know that it allows a system’s network adapter to spread the network processing between multiple processors. RSS has the ability to work with sys- tems that have more than how many processors?
A. 12
B. 24
C. 36
D. 64
```
D. RSS has the ability to work with systems that have more than 64 processors. RSS can do this because it spreads the load across all of the processors. Since RSS can spread the network load, you end up with TCP load balancing. RSS also has the ability to load balance non-TCP traffic like UDP and multicast messages. RSS also allows an administrator to have better auditing and management capabilities.
45
You are the administrator for your company network. You are planning to enable virtual
Receive Side Scaling (vRSS). What two PowerShell commands can you run to enable vRSS?
A. Enable-NetAdapterRSS -Name "AdapterName" or
Set-NetAdapterRSS -Name "AdapterName" -Enabled $False
B. Enable-NetAdapterRSS -Name "AdapterName" or
Set-NetAdapterRSS -Name "AdapterName" -Enabled $True
C. Enable-NetAdapterVRSS -Name "AdapterName" or Set-NetAdapterRSS -Name "AdapterName" -Enabled $False
D. Enable-NetAdapterVRSS -Name "AdapterName" or Set-NetAdapterRSS -Name "AdapterName" -Enabled $True
B. To enable vRSS using PowerShell, you need to run one of the following commands from PowerShell. Either PowerShell command will enable vRSS.
Enable-NetAdapterRSS -Name "AdapterName"
or
Set-NetAdapterRSS -Name "AdapterName" -Enabled $True
The Enable-NetAdapterRSS command enables either RSS or vRSS on a network adapter, and the Set-NetAdapterRSS cmdlet sets either RSS or vRSS on a network adapter. -$True indicates whether RSS or vRSS on an interface is enabled.
46
You are the administrator for your company network. You are planning to disable virtual Receive Side Scaling (vRSS). What two PowerShell commands can you run to disable vRSS?
A. Disable-NetAdapterRSS -Name "AdapterName" or Set-NetAdapterRSS -Name "AdapterName" -Enabled $False
B. Disable-NetAdapterRSS -Name "AdapterName" or Set-NetAdapterRSS -Name "AdapterName" -Enabled $True
C. Disable-NetAdapterVRSS -Name "AdapterName" or Set-NetAdapterRSS -Name "AdapterName" -Enabled $False
D. Disable-NetAdapterVRSS -Name "AdapterName" or Set-NetAdapterRSS -Name "AdapterName" -Enabled $True
A. To disable vRSS using PowerShell, you will need to run one of the following commands from PowerShell. Either PowerShell command will disable vRSS.
Disable-NetAdapterRSS -Name "AdapterName"
or
Set-NetAdapterRSS -Name "AdapterName" -Enabled $False
The Disable-NetAdapterRSS cmdlet disables either RSS or vRSS on a network adapter, and the Set-NetAdapterRSS cmdlet sets either RSS or vRSS on a network adapter. -$False indicates whether RSS or vRSS on an interface is disabled.
47
You are the administrator for your company network. You and a colleague are discussing a feature that allocates multiple queues to a single virtual machine, and each queue has its own affinity settings to a core. What is this new Windows Server 2016 feature called?
A. Receive Side Scaling (RSS)
B. Remote Direct Memory Access (RDMA) C. Switch Embedded Teaming (SET)
D. Virtual Machine Multi-Queue (VMMQ)
D. Virtual Machine Multi-Queue (VMMQ) allocates multiple queues to a single virtual machine. Each queue will have its own affinity settings to a core. For this to operate prop- erly, the virtual machine must have the ability to work with multiple virtual CPUs (vCPUs).
48
You are the administrator for your company network. You have a Windows Server 2016 Hyper-V machine and you want to control the traffic that is generated by the virtual machine. What is the name of the Hyper-V feature that allows you to do this?
A. Switch Embedded Teaming (SET)
B. Virtual Receive Side Scaling (vRSS)
C. Virtual Machine Quality of Service (vmQoS)
D. Virtual Machine Multi-Queue (VMM
C. Virtual Machine Quality of Service (vmQoS) allows an administrator to set the band- width limits generated by a virtual machine so that you can control the traffic that is gener- ated by a virtual machine. Administrators have the ability to set minimum and maximum bandwidth limits.
49
You are the administrator for your company network. You and a colleague are discussing Data Center Bridging (DCB). You plan to install DCB using PowerShell. What PowerShell cmdlet do you use to enable DCB, including the management tools?
A. Install-WindowsFeature -Name Data Center Bridging -IncludeManagementTools
B. Install-WindowsFeature -Name Data-Center-Bridging -IncludeManagementTools
C. Install-WindowsFeature -Name DCB -IncludeManagementTools
D. Install-Feature -Name Data Center Bridging -IncludeManagementTools
B. To enable Data Center Bridging (DCB), you would use the following PowerShell cmdlet: Install-WindowsFeature -Name Data-Center-Bridging -IncludeManagementTools
By using DCB, administrators can unite multiple types of network traffic onto a single network adapter. This allows administrators to have a guaranteed level of service for every type of network traffic.
50
You are the administrator for your company network. You manage a Windows Server 2016 Software Defined Network (SDN). The network controller is installed on a three-node, domain-joined cluster of virtual machines. You need to add a new Access Control List (ACL) for the network controller to the network interface on a tenant virtual machine. The ACL will have only one rule that prevents only outbound traffic from the 10.10.10.0/24 subnet. You will run the following Windows PowerShell commands:
$ruleproperties = new-object
Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Deny" $ruleproperties.Priority = "100"
$ruleproperties.Type = "Outbound"
$ruleproperties.Logging = "Enabled"
What remaining properties should you add to the rule? (Choose three.)
A. $ruleproperties.DestinationAddressPrefix = "10.10.10.0/24" B. $ruleproperties.SourceAddressPrefix = "10.10.10.0/24"
C. $ruleproperties.Protocol = "ALL"
D. $ruleproperties.Protocol = "TCP"
E. $ruleproperties.DestinationAddressPrefix = "*" F. $ruleproperties.SourceAddressPrefix = "*"
B, C, E. The New-NetworkControllerAccessControlList command creates a new access control list for allowing/denying traffic to/from a particular subnet or network interface. Each access control list can contain multiple rules. In this given scenario, you will want to add:
■■ The $ruleproperties.SourceAddressPrefix to the IP address indicated as "10.10.10.0/24" as the source address
■■ The $ruleproperties.Protocol = "ALL", which will allow all protocols
■■ The $ruleproperties.DestinationAddressPrefix = "*", which is the wildcard and
will allow all destination addresses
51
```
You are the administrator for your company network. You and a colleague are discussing Software Defined Network (SDN) and how SDN can use Software Load Balancing (SLB) to evenly distribute network traffic between virtual network resources. There are a few terms that refer to the way that your application traffic patterns go in context of your datacenter. If applications have a pattern that sends data to other applications within the same datacen- ter or between datacenters, it is said to be what kind of pattern?
A. An East-West traffic pattern
B. An East-South traffic pattern
C. A North-South traffic pattern
D. A North-West traffic pattern
```
A. When it comes to SLB and Network Address Translation (NAT) , you may sometimes hear the terms North-South or East-West. These terms just refer to the way that your application traffic patterns go in the context of your datacenter. This question refers to “applications that send data to other applications within the same datacenter or between datacenters,” so it has an East-West traffic pattern.
52
You are the administrator for your company network. Your datacenter contains 10 Hyper-V hosts that host 100 virtual machines. You plan to secure access to the virtual machines by using the Datacenter Firewall service. You have four servers available for the Datacenter Firewall service and they are configured as shown:
Server Name Platform Windows Server 2016 Edition
Server1 Physical Standard
Server2 Physical Standard
Server3 Virtual Datacenter
Server4 Virtual Datacenter
You need to install the required server roles for the planned deployment. What server role should you deploy to Server3 and Server4?
A. Multipoint Services
B. Network Controller
C. Network Policy and Access Services D. Quality of Service
B. You would want to install the Network Controller feature. Network Controller provides a centralized, programmable point of automation to manage, configure, monitor, and trou- bleshoot virtual and physical network infrastructure in your datacenter. Using the Network Controller feature, you can automate the configuration of network infrastructure instead of performing manual configuration of network devices and services.
53
You are the administrator for your company network. You and a colleague are discussing Datacenter Firewalls, which is a new Windows Server 2016 network layer, stateful, multi- tenant firewall. Datacenter Firewalls provide several benefits. Which one of the following is a true Datacenter Firewall benefit?
A. Administrators have the ability to define firewall rules to protect data between virtual machines on the same Layer 2 (L2) or different Layer 2 (L2) virtual subnets.
B. Administrators have the ability to define firewall rules to protect data between virtual machines on different Layer 2 (L2) virtual subnets.
C. Administrators have the ability to define firewall rules to protect data between virtual machines on the same Layer 5 (L5) or different Layer 5 (L5) virtual subnets.
D. Administrators have the ability to define firewall rules to protect data between virtual machines on the same Layer 3 (L3) or different Layer 3 (L3) virtual subnets.
A. Datacenter Firewalls are new Windows Server 2016 network layer, stateful, multitenant firewalls. Network administrators who work with virtual network tenants can install and then configure firewall policies. These firewall policies can help protect their virtual net- works from unwanted traffic from Internet and intranet networks. Windows Server 2016 Datacenter Firewalls give you the following tenant benefits:
■■ Administrators have the ability to define firewall rules to protect data between virtual machines on the same Layer 2 (L2) or different Layer 2 (L2) virtual subnets.
■■ Administrators have the ability to define firewall rules that help protect Internet-facing workloads on virtual networks.
■■ Administrators have the ability to define firewall rules to protect and isolate network traffic between tenants on a virtual network from a service provider.
54
You are the administrator for your company network. You have an internal network that contains multiple subnets. You have a Microsoft Azure subscription that contains multiple virtual networks. You need to deploy a hybrid routing solution between the network and the Azure subscription. You must ensure that the computers on all the networks can con- nect to each other. You install Remote Access Service (RAS) Gateway and enable Border Gateway Protocol (BGP) routing on the network and in Azure. What actions should you perform next? (Choose three.)
A. Advertise all the routes on all the Border Gateway Protocol (BGP) routers.
B. Create a new route for each network.
C. Configure Border Gateway Protocol (BGP) peering. D. Deploy a Site-to-Site (S2S) VPN.
E. Deploy a Point-to-Site (P2S) VPN.
F. Install the Routing Information Protocol (RIP).
A,C, D. In this scenario, the three actions you should perform in order are:
■■ Deploy a Site-to-Site (S2S) VPN.
■■ Configure Border Gateway Protocol (BGP) peering.
■■ Advertise all the routes on all the Border Gateway Protocol (BGP) routers.
55
```
You are the administrator for your company network. You and a colleague are discussing Software Defined Network (SDN) and how SDN can use Software Load Balancing (SLB) to evenly distribute network traffic between virtual network resources. There are a few terms that refer to the way that your application traffic patterns go in context of your datacenter. If your organization has an older datacenter where clients simply request data from a single server, it is likely your datacenter has which type of pattern?
A. An East-West traffic pattern
B. An East-South traffic pattern
C. A North-South traffic pattern
D. A North-West traffic pattern
```
C. When it comes to SLB and Network Address Translation (NAT) , you may sometimes hear the terms North-South or East-West. These terms just refer to the way that your appli- cation traffic patterns go in the context of your datacenter. In this question, it states that “if your organization has an older datacenter where clients simply request data from a single server,” so it has a North-South traffic pattern.
56
You are the administrator for your company network. You and a colleague are discussing RAS Gateway features in Windows Server 2016. One feature:
Enables connectivity between tenant virtual networks and external networks
Is lightweight, and support is available on most network devices
Becomes an ideal choice for tunneling where encryption of data is not required
Supports Site-to-Site (S2S) tunnels, which solves the problem of forwarding between tenant virtual networks and tenant external networks using a multitenant gateway
Which feature of RAS Gateway is being discussed?
A. Generic Routing Encapsulation (GRE)
B. Dynamic Routing with Border Gateway Protocol (BGP)
C. Point-to-Site (P2S) VPN
D. Site-to-Site (S2S) VPN
A. Generic Routing Encapsulation (GRE)–based tunnels enable connectivity between ten- ant virtual networks and external networks. Since the GRE protocol is lightweight and sup- port for GRE is available on most network devices, it becomes an ideal choice for tunneling where encryption of data is not required. GRE support in S2S tunnels solves the problem
of forwarding between tenant virtual networks and tenant external networks using a mult- itenant gateway.
57
You are the administrator for your company network. You and a colleague are discussing routing traffic across networks of a Software Defined Network (SDN) infrastructure. You want to enable connectivity between the physical infrastructure in the datacenter and the virtualized infrastructure in the Hyper-V network virtualization cloud. What should you configure?
A. Configure Generic Routing Encapsulation (GRE).
B. Configure Internet Protocol Security (IPSec) connection.
C. Configure Layer 3 (L3) forwarding.
D. Configure Site-to-Site (S2S) VPN.
C. Layer 3 (L3) forwarding enables connectivity between the physical infrastructure in the datacenter and the virtualized infrastructure in the Hyper-V network virtualization cloud. Using L3 forwarding, tenant network virtual machines can connect to a physical network through the Windows Server 2016 SDN Gateway, which is already configured in an SDN environment. In this case, the SDN gateway acts as a router between the virtualized net- work and the physical network.
58
You are the administrator for your company network. You and a colleague are discussing Switch Embedded Teaming (SET). By using virtual adapters with SET, what are you accomplishing?
A. You get better performance and less fault tolerance in the event of a network adapter failure.
B. You get less performance and greater fault tolerance in the event of a network adapter failure.
C. You get less performance and less fault tolerance in the event of a network adapter failure.
D. You get better performance and greater fault tolerance in the event of a network adapter failure.
D. By using virtual adapters, you get better performance and greater fault tolerance in the event of a network adapter failure. For SET to be enabled, all the physical network adapters must be installed on the same physical Hyper-V host.
59
```
You are the administrator for your company network. You have set up Switch Embedded Teaming (SET) on your network, but now you want to remove a virtual switch named VSwitch1. What PowerShell cmdlet do you use to remove the virtual switch?
A. Remove-VM "VSwitch1"
B. Remove-VMSwitch "VSwitch1"
C. Delete-VMSwitch "VSwitch1"
D. Delete-VM "VSwitch1"
```
B. The Remove-VMSwitch cmdlet deletes a virtual switch. Remove-VMSwitch "VSwitch1" is the correct cmdlet to use to remove the virtual switch.
60
You are the administrator for your company network. You and a colleague are discussing Storage Quality of Service (QoS). Storage QoS allows a Hyper-V administrator to manage how virtual machines access storage throughput for Virtual Hard Disks (VHDs). Storage QoS gives an administrator the ability to guarantee which of the following?
A. That the storage throughput of a single VHD cannot adversely affect the performance of another VHD on the same host
B. That the storage throughput of a single VHD cannot adversely affect the performance of another VHD on a different host
C. That the storage throughput of multiple VHDs cannot adversely affect the perfor- mance of another VHD on the same host
D. That the storage throughput of multiple VHDs cannot adversely affect the perfor- mance of another VHD on the different hosts
A. Storage QoS gives an administrator the ability to guarantee that the storage throughput of a single VHD cannot adversely affect the performance of another VHD on the same host. It does this by giving administrators the ability to specify the maximum and mini- mum I/O loads based on I/O operations per second (IOPS) for each virtual disk in your virtual machines.
61
You are the administrator for your company network. You have a Windows Server 2016 Hyper-V host server that contains production and test virtual machines (VMs). You plan to optimize the performance of the VMs. The following settings must be applied to the VMs:
■✓ You must set a maximum value for the input/output operations per second (IOPS) on the test VMs.
■✓ You must set a minimum value for the IOPS on the production VMs.
How should you configure the environment?
A. Create a shared virtual hard disk (VHD).
B. Enable Network Quality of Service (QoS) on all virtual machines.
C. Enable Resource Metering on the Hyper-V host server.
D. Enable Storage Quality of Service (QoS) on all virtual machines.
D. Storage QoS provides the ability to specify a maximum IOPS value for your virtual hard disk. An administrator can throttle the storage I/O to stop a tenant from consuming excessive storage resources that may impact another tenant. Administrators can also set a minimum IOPS value. They will be notified when the IOPS to a specified virtual hard disk is below a threshold that is needed for its optimal performance.
62
You are the administrator for your company network. You and a colleague are discussing Software Defined Networking (SDN), which allows an administrator to control which of the following?
A. To centrally manage and control all virtual and physical network devices
B. To manage datacenter switches, routers, and gateways
C. To manage virtual elements like Hyper-V virtual switches and gateways
D. All of the above
D. Software Defined Networking (SDN) allows an administrator to centrally manage and control all of your virtual and physical network devices. These devices include things like datacenter switches, routers, and gateways. SDN also allows administrators to manage vir- tual elements like Hyper-V virtual switches and gateways. Administrators can easily man- age their entire networks centrally.
63
```
You are the administrator for your company network. You and a colleague are discussing network controllers for Windows Server 2016. Network controllers use different Applica- tion Programming Interface (API) languages to control all of the different hardware on your network. Which API allows network controllers to communicate with the network?
A. Northbound API
B. Southbound API
C. Eastbound API
D. Westbound API
```
B. The Southbound API allows network controllers to communicate with the network. Network controllers use API languages to control all of the different hardware on your net- work. The Northbound API allows you to communicate with the network controller.
64
```
You are the administrator for your company network. You have recently installed the Network Controller feature and you now want to set up a network controller by using PowerShell. Which cmdlet should you use?
A. New-NetworkControllerNode
B. New-NetworkController
C. New-NetworkControllerCluster
D. New-NetworkControllerNodeObject
```
D. The New-NetworkControllerNodeObject cmdlet creates a Network Controller node object. This cmdlet is used for configuring a Network Controller for the first time:
New-NetworkControllerNodeObject -Name -Server -FaultDomain -RestInterface [-NodeCertificate ] [-WhatIf] [-Confirm] []
65
You are the administrator for your company network. You and a colleague are discuss-
ing RAS Gateways. You are discussing the modes used with RAS. Which mode is used for Cloud Service Providers (CSPs) or enterprise networks to allow datacenter or cloud network traffic routing between virtual and physical networks (including traffic that goes over the Internet)?
A. Dual tenant mode
B. Lone tenant mode
C. Multitenant mode
D. Single tenant mode
C. Multitenant mode is used for CSPs or enterprise networks to allow datacenter or cloud network traffic routing between virtual and physical networks. This includes traffic that goes over the Internet. In multitenant mode, administrators will deploy the RAS Gateway on a Windows Server 2016 virtual machine.
66
You are the administrator for your company network. You and a colleague are discuss- ing deploying Network Controller. If the computers or virtual machines for Network Controller and the management client are domain-joined, then you will want to configure
for Kerberos authentication. (Fill in the blank.)
A. A security group
B. A distribution group
C. A global group
D. A universal group
A. If the computers or virtual machines for Network Controller and the management client are domain-joined, you configure security groups for Kerberos authentication. A security group defines who can access particular resources.
67
```
You are the administrator for your company network. You have a Windows Server 2106 virtual machine named Server1 that you plan to use as part of a Software Defined Net- working (SDN) solution. Many technologies work together to create an SDN solution. One such technology provides the ability to manage the routing of network traffic between your tenants’ virtual machine networks and their remote sites. What technology is this?
A. Border Gateway Protocol (BGP)
B. Network Controller
C. Internal DNS Service (iDNS) for SDN
D. Datacenter Firewall
```
A. Border Gateway Protocol (BGP) provides you with the ability to manage the routing of network traffic between your tenants’ virtual machine networks and their remote sites. BGP reduces the need for manual route configuration on routers because it is a dynamic routing protocol, and it automatically learns routes between sites that are connected by using site- to-site VPN connections.
68
```
You are the administrator for your company network. You have a Windows Server 2106 virtual machine named Server1 that you plan to use as part of a Software Defined Net- working (SDN) solution. Many technologies work together to create a SDN solution. One such technology is a lightweight operating system virtualization method used to separate applications or services from other services that are running on the same container host. What technology is this?
A. Datacenter Firewall
B. Network Controller
C. System Center
D. Windows Containers
```
D. Windows Server Containers are a lightweight operating system virtualization method used to separate applications or services from other services that are running on the same container host. Windows Containers are independent and isolated environments that run an operating system. These isolated environments allow an administrator to place an appli- cation into its own container, thus not affecting any other applications or containers.
With Windows Server 2016, you can now connect Windows Server Containers to virtual networks.
69
```
You are the administrator for your company network. You and a colleague are discussing setting up Network Address Translation (NAT) for traffic forwarding in Software Defined Network (SDN) infrastructure. You know that NAT supports two types. Which type for- wards the external traffic to a specific virtual machine in a virtual network?
A. Internal NAT
B. Inbound NAT
C. Outbound NAT
D. External NAT
```
B. An Inbound NAT forwards the external traffic to a specific virtual machine in a virtual network.
NAT allows virtual machines (VMs) in an isolated SDN virtual network to obtain external connectivity. Virtual Machine Manager (VMM) configures a Virtual IP (VIP) to forward the traffic to and from an external network. The following two NAT types are supported
by VMM:
■■ Outbound NAT—Forwards the VM network traffic from a virtual network to external destinations
■■ Inbound NAT—Forwards the external traffic to a specific virtual machine in a virtual network
70
You are the administrator for your company network. You and a colleague are discussing NIC Teaming. You know that NIC Teaming is a common practice when setting up virtu- alization. This is one way that you can have load balancing with Hyper-V. NIC Teaming gives an administrator the ability to do which of the following?
A. To allow a virtual machine to use routers in Hyper-V
B. To allow a virtual machine to use physical network switches in Hyper-V
C. To allow a virtual machine to use virtual network adapters in Hyper-V
D. To allow a virtual machine to use firewall software in Hyper-V
C. NIC Teaming gives an administrator the ability to allow a virtual machine to use virtual network adapters in Hyper-V. The advantage of using NIC Teaming in Hyper-V is that the administrator can connect to more than one Hyper-V switch.
71
You are the administrator for your company network. You and a colleague are discussing NIC Teaming. You know that you can configure NIC Teaming using PowerShell, but what other tool allows you to configure NIC Teaming?
A. Server Manager
B. Hyper-V Manager
C. Remote Server Administration Tools (RSAT)
D. Active Directory
A. An administrator can configure NIC Teaming using either Server Manager or Power- Shell. Membership in the Administrators group, or equivalent, is a minimum requirement.
72
```
You are the administrator for your company network. You and a colleague are discussing technologies for a Software Defined Network (SDN) infrastructure. One such technology is defined as a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant firewall. What is being discussed?
A. Network Controller
B. Software Load Balancer (SLB)
C. Internal DNS Service (iDNS)
D. Datacenter Firewall
```
D. Datacenter Firewall is a new service included with Windows Server 2016. It is a net- work layer, 5-tuple (protocol, source and destination port numbers, source and destina- tion IP addresses), stateful, multitenant firewall. 5-tuple refers to a set of five different values that comprise a Transmission Control Protocol/Internet Protocol (TCP/IP) connection.
73
```
You are the administrator for your company network. You and a colleague are discussing installing a Remote Access Service (RAS) Gateway for your Software Defined Network (SDN) infrastructure. What is it called when you have the ability of a cloud infrastructure to support the virtual machine workloads of multiple tenants, yet isolate them from each other, while all of the workloads run on the same infrastructure?
A. Single Tenant mode
B. Multitenant mode
C. Multiple Tenant mode
D. Specific Tenant mode
```
B. Multitenant mode allows Cloud Service Providers (CSPs) and Enterprises to use RAS Gateway to enable datacenter and cloud network traffic routing between virtual and physi- cal networks, including the Internet. Multitenancy is the ability of a cloud infrastructure to support the virtual machine workloads of multiple tenants, yet isolate them from each other, while all of the workloads run on the same infrastructure.
74
```
You are the administrator for your company network. You are planning to deploy a Remote Access Service (RAS) Gateway in multitenant mode for use in your Software Defined Net- work (SDN) infrastructure. What tool must you use in order to install this?
A. Server Manager
B. RAS Gateway Management tool
C. Windows PowerShell
D. Virtual Machine Manager (VMM)
```
C. You cannot use the Windows interface to install Remote Access when you want to deploy Remote Access Service (RAS) Gateway in multitenant mode for use with Software Defined Network (SDN). You must use Windows PowerShell.
75
You are the administrator for your company network. You are planning to install Remote Access Service (RAS) Gateway with multitenant mode and Border Gateway Protocol (BGP) to your Software Defined Network (SDN) infrastructure. How do you install the Remote- Access Windows feature?
A. Add-WindowsFeature -Name RemoteAccess -IncludeAllSubFeature -IncludeManagementTools
B. Add-WindowsFeature -Name RemoteAccessGateway -IncludeAllSubFeature -IncludeManagementTools
C. Add WindowsFeature -Name RemoteAccess -IncludeAllSubFeature -IncludeManagementTools
D. Add-WindowsFeature -Name RemoteGateway -IncludeAllSubFeature -IncludeManagementTools
A. Before you can install RAS Gateway by using PowerShell, you must use PowerShell to add the RemoteAccess Windows feature. To do this, run the following command at the PowerShell prompt:
Add-WindowsFeature -Name RemoteAccess -IncludeAllSubFeature -IncludeManagementTools
This command adds the RemoteAccess feature and the PowerShell commands for the fea- ture. After you have added RemoteAccess to your server, you can install Remote Access as a RAS Gateway with multitenant mode and BGP.
76
```
You are the administrator for your company network. You and a colleague are discussing network controllers for Windows Server 2016. Network controllers use different Applica- tion Programming Interface (API) languages to control the different hardware on your net- work. Which API allows the network to communicate with the network controller?
A. Northbound API
B. Southbound API
C. Eastbound API
D. Westbound API
```
A. The Northbound API allows the network to communicate with the network controller. Network controllers use different application programming interface (API) languages to control all of the different hardware on your network. The Southbound API allows network controllers to communicate with the network.
77
You are the administrator for your company network. You and a colleague are discussing deploying the Network Controller server role on your Software Defined Network (SDN) infrastructure. Where should you deploy the Network Controller server role?
A. On the physical hosts
B. On a Hyper-V virtual machine on the Hyper-V host
C. On the target machine
D. On a Hyper-V virtual machine on the Hyper-V target machine
B. To deploy Network Controller, you must install the Network Controller server role on a Hyper-V virtual machine (VM) that is installed on a Hyper-V host. Do not deploy the Net- work Controller server role on physical hosts. Membership in Administrators, or equiva- lent, is the minimum required to perform this procedure.
78
```
You are the administrator for your company network. You have a Windows Server 2106 virtual machine named Server1 that you plan to use as part of a Software Defined Net- working (SDN) solution. Many technologies work together to create an SDN solution. One such technology hosts virtual machines (VMs) and applications require DNS to communi- cate within their own networks and with external resources on the Internet. You can pro- vide tenants with DNS name resolution services for their isolated, local name space and for Internet resources. What technology is being discussed?
A. Border Gateway Protocol (BGP)
B. Network Controller
C. Internal DNS Service (iDNS) for SDN
D. Datacenter Firewall
```
C. Internal DNS Service (iDNS) for SDN-hosted virtual machines (VMs) and applications requires DNS to communicate within their own networks and with external resources on the Internet. With iDNS, you can provide tenants with DNS name resolution services for their isolated, local name space, and for Internet resources.
79
You are the administrator for your company network. You and a colleague are discussing installing Network Controller for your Software Defined Network (SDN) infrastructure. You know there are installation requirements that must be met. For Windows Server 2016 deployments, you can deploy Network Controller on one or more computers, one or more VMs, or a combination of computers and VMs. All VMs and computers planned as net- work controller nodes must be running which edition of Windows Server 2016?
A. Windows Server 2016 Standard edition
B. Windows Server 2016 Nano Server
C. Windows Server 2016 Datacenter edition
D. Windows Server 2016 Server Core
C. For Windows Server 2016 deployments, you can deploy Network Controller on one or more computers, one or more VMs, or a combination of computers and VMs. All VMs and computers planned as network controller nodes must be running Windows Server 2016 Datacenter edition.
80
```
You are the administrator for your company network. You have recently installed Network Controller and you now want to set up a network controller cluster by using PowerShell. Which cmdlet should you use?
A. Install-NetworkControllerNode
B. Install-NetworkController
C. Install-NetworkControllerCluster
D. Install-NetworkControllerNodeObject
```
C. The Install-NetworkControllerCluster cmdlet creates a network controller cluster. Configuration of the network controller involves creating a network controller cluster and then creating a network controller application on top of the cluster. You can create a net- work controller application by using the Install-NetworkController cmdlet.
81
You are the administrator for your company network. You and a colleague are discussing virtual Receive Side Scaling (vRSS). You know that vRSS is enabled by default, but you
can disable it by using PowerShell. What PowerShell cmdlet can disable vRSS for a virtual machine on the Hyper-V Virtual Switch port by using the PowerShell on the Hyper-V host?
A. Set-VMNetworkAdapter -VrssEnabled $TRUE
B. Set VMNetworkAdapter -VrssEnabled $TRUE
C. Set VMNetworkAdapter -VrssEnabled $FALSE
D. Set-VMNetworkAdapter -VrssEnabled $FALSE
D. You can disable vRSS for a VM on the Hyper-V Virtual Switch port by using the following Windows PowerShell cmdlet on the Hyper-V host: Set-VMNetworkAdapter -VrssEnabled $FALSE.
82
```
You are the administrator for your company network. You and a colleague are discuss- ing Network Controllers. You can use the Network Controller feature to manage network infrastructure components. What are some of the network infrastructure components that network controllers might include?
A. Physical switches
B. Physical routers
C. Hyper-V switches
D. Datacenter Firewalls
E. VPN Gateways
F. All of the above
```
F. Administrators can use Windows PowerShell to communicate with the Representational State Transfer (REST) API (this is the management application) to manage their network infrastructure components. These components include the following:
■■ Physical switches
■■ Physical routers
■■ Hyper-V switches and Virtual Machines (VMs)
■■ Datacenter Firewalls
■■ VPN Gateways
■■ Load Balancing components
83
You are the administrator for your company network. You and a colleague are discussing
Internal DNS Service (iDNS) for your Software Defined Network (SDN) infrastructure. Which of the following is a key feature of iDNS?
A. Provides private Domain Name System (DNS) name resolution services for tenant workloads
B. Provides shared Domain Name System (DNS) name resolution services for tenant workloads
C. Provides private Domain Name System (DNS) name resolution services for host workloads
D. Provides shared Domain Name System (DNS) name resolution services for host workloads
B. The following are the key features of iDNS:
■■ iDNS provides shared DNS name resolution services for tenant workloads.
■■ iDNS is an authoritative DNS service for name resolution and DNS registration within the tenant name space.
■■ iDNS is a recursive DNS service for resolution of Internet names from tenant VMs.
■■ If desired, you can configure simultaneous hosting of fabric and tenant names.
■■ iDNS provides a cost-effective DNS solution because tenants do not need to deploy their own DNS infrastructure.
■■ iDNS provides high availability with Active Directory integration, which is required.
84
```
You are the administrator for your company network. You and a colleague are discussing technologies for a Software Defined Network (SDN) infrastructure. One such technology allows an administrator to set up multiple servers that can host the same workload. This gives an organization the ability to have high availability and scalability between the server’s workload. What is being discussed?
A. Network Controller
B. Software Load Balancer (SLB)
C. Internal DNS Service (iDNS)
D. Datacenter Firewall
```
B. Software Load Balancer (SLB) allows an administrator to set up multiple servers that can host the same workload. This gives an organization the ability to have high availability and scalability between the server’s workload.
85
You are the administrator for your company network. You have a Windows Server2016 server named Hyperv1, which is a Hyper-V host that hosts a virtual machine named VM1. Hyperv1 has three network adapter cards that are connected to virtual switches named Ethernet1, Ethernet2, and Ethernet3. NIC Teaming on VM1 is currently configured as follows:
Team Name: VM1 NIC Team
Member Adapters: Ethernet2 10 Gbps
Ethernet3 10 Gbps
Teaming Mode: Switch Independent
Load Balancing Mode: Address Hash
Standby Adapter: None (all adapters Active)
Primary Team Interface: VM1 NIC Team; Default VLAN
What should you do if you need to ensure that VM1 will retain access to the network if a physical network adapter card fails on Hyperv1?
A. From the properties of the NIC team on VM1, add the adapter named Ethernet1 to the NIC team.
B. From Hyper-V Manager on Hyperv1, modify the settings on VM1.
C. From PowerShell on VM1, run the Set-VmNetworkAdapterTeamMapping cmdlet.
D. From PowerShell on Hyperv1, run the Set-VmNetworkAdapterFailoverConfiguration cmdlet.
A. NIC Teams within a virtual machine must have their Teaming mode configured as Switch Independent. In addition, Load Balancing Mode for the NIC Team in a VM must be config- ured with the Address Hash distribution mode. You can configure NIC Teaming in the Guest OS; however, before NIC Teaming will work in a virtual machine, you need to enable NIC Teaming in the Advanced Features section of the VM settings. In this question, Ethernet1 has not been added to the NIC Team, so you must add the missing adapter to the NIC Team.
86
```
You are the administrator for your company network. You have a Windows Server 2016 Hyper-V host named Server1 that hosts several virtual machines. Each virtual machine has two network adapters. Server1 also contains several virtual switches. On Server1, you cre- ate a NIC Team that has two network adapters. You discover that the NIC Team is set to Static Teaming mode. What cmdlet should you use if you need to modify the NIC Teaming mode to Switch Independent?
A. Set-NetLbfoTeam
B. Set-NetLbfoTeamNic
C. Set-VMNetworkAdapter
D. Set-VMSwitch
```
A. The Set-NetLbfoTeam cmdlet sets the TeamingMode or LoadBalancingAlgorithm parameters on the specified NIC Team.
87
```
You are the administrator for your company network. You and a colleague are discussing NIC Teaming. You know that you can set up NIC Teaming by using Server Manager or PowerShell and that different configuration models are available. If you want each NIC adapter connected into a different switch, what is this configuration called?
A. Switch Dependent
B. Switch Reliant
C. Switch Independent
D. Switch Autonomous
```
C. Switch Independent means that each NIC adapter is connected into a different switch. If you use Switch Independent NIC Teaming, you must connect your NICs to different switches, but both switches must be on the same subnet. There are no such models as Switch Reliant or Switch Autonomous.
88
You are the administrator for your company network. You have a Windows Server 2106 virtual machine named Server1 that you plan to use as part of a Software Defined Net- working (SDN) solution. What should you install if you need to implement the Border Gateway Protocol (BGP) on Server1?
A. Peer Name Resolution Protocol (PNRP) feature
B. Network Device Enrollment Service role service
C. Network Policy and Access Services server role
D. Routing Role service
D. To use Border Gateway Protocol (BGP) routing, you must install the Remote Access Ser- vice (RAS) and/or the Routing Role service of the Remote Access server role on a computer or virtual machine (VM). BGP reduces the need for manual route configuration on routers because it is a dynamic routing protocol, and it automatically learns routes between sites that are connected by using site-to-site VPN connections.
