Routing and filtering network traffic - Part 3: Network Address Translation

1. Open Routing and Remote Access .
2. To add NAT, right-click General under IPv4 and select New Routing Protocol . Select NAT and click OK .
3. In the console tree, click NAT under IPv4 .
4. Right-click NAT , and then click Properties .
5. On the Address Assignment tab, select Automatically Assign IP Addresses with the checkbox Using the DHCP Allocator .
6. (Optional) To find DHCP clients on a private network, in IP address and Mask, configure the range of IP addresses.
7. (Optional) To exclude addresses from a certain location for DHCP clients on a private network, click Exclude , Add , and then configure the addresses.

1. Right-click on the general interface and select Properties .
2. Select the Services and Ports tab
3. Select the protocol you want to forward.
4. When the Edit Services dialog box appears, specify a private address and click OK to close the Edit Services dialog box.
5. Click OK to close the Properties dialog box.

1. Teredo does not change the behavior of NATs. Teredo clients create dynamic NAT translation table entries for their own Teredo traffic. The NAT forwards Teredo traffic sent to the host that created the corresponding NAT translation table. The NAT does not forward Teredo traffic to computers on the private network without Teredo clients.
2. Teredo clients using stateful firewalls that support IPv6 traffic (such as Windows Firewall) are protected against unsolicited incoming IPv6 traffic. Windows Firewall is enabled by default for Windows XP SP2, Windows Vista, and Windows Server 2008.

2. There is a Windows Server 2008 server. You need to add a new static route to the routing table on the server. This new route to the network ID is 192.168.126.0 and subnet mask 255.255.255.0, using the default gateway is 192.168.125.1. What command do you need to use to do this?

3. For a network with several subnets. Windows Server 2008 router has been used to connect subnets. A static route is required. Static routers are not deleted from the routing table when the computer is restarted. Which of the following parameters needs to be used with the route command?

4. A server is running Windows Server 2008. Your task is to prevent the computer from setting up communication sessions to other computers using TCP port 21. What should you do?

5. Have a Windows Server 2008 computer. To disable all connections to the server, what do you need to do?

6. Your network consists of 7 subnets. All subnets are connected by Windows Server 2008 machines using RRAS. Unstable demand-dial connections have been configured. You do not want to put a lot of effort into upgrading the routing tables, but you just want any changes to the network topology to be immediately available. Which of the following options do you need to select?

7. The network consists of three different subnets. Dynamic routing is being implemented on three computers running Windows Server 2008, with Routing and Remote Access of these computers enabled. You open the Routing and Remote Access console on the first server and configure the computer for LAN routing. Then select New Routing Protocol from the General button in the IP Routing button and select RIP version 2 for Internet Protocol from the New Routing Protocol dialog box. What is the next thing you need to do?

8. You are a network administrator for your company. All servers are running Microsoft Windows Server 2008. Some servers are configured as routers with RIP enabled. You want to exclude from appearing routing loops. So you have opened the properties window of the interface assigned to the RIP protocol and selected the Advanced tab. Which of the following options meets those requirements?

9. You have a network with several Windows Server 2008 computers. Your company has just opened a remote office. You are responsible for configuring a two-way demand-dial connection between the corporate office and the remote office. You configure the demand-dial routers with the following settings:

1. Corporate Office Router Settings:

1. Interface: SRV02_Public
2. User Account: SRV02
3. Calling Number: 555-3434

1. Site Router Settings:

1. Interface: SRV01_Public
2. User Account: SRV01
3. Calling Number: 555-1212

10. You have a Windows Server 2008 server that is configured as a NAT server. Your task is to ensure that administrators can access the server named FS1 by FTP. What do you need to do here?

11. You have a Windows Server 2008 server with IPv4, IPv6 and NAT at the corporate office and branch offices. What do you need to do here to allow IPv6 computers from the corporate office and branch offices to use Teredo to communicate with each other?

1. Answer A is correct. You need to install the Routing and Remote Access role and then need to enable IPV4 LAN routing. Question B is wrong because the netsh command is not used to enable routing but it can only be used to configure the interface. network. Answer C later because NAT cannot be routed and you cannot use the netsh command to enable NAT. Answer D is also wrong because NPS does not allow routing. NPS is used as a RADIUS server and allows the implementation of RADIUS policies.
2. Answer B is correct. The correct syntax for adding new static routes with the route command is route add mask metric . Sentences A, C and D are wrong because they do not use the correct syntax.
3. Answer D is correct. You use the / p parameter to add a persistent route to the routing table. This route will not be deleted from the routing table when the router restarts. The remaining sentences are wrong.
4. Answer D is correct. You need to create a rule for outbound rules by using Windows Firewall with Advanced Security snap-in to lock port 21. Answers A and B are incorrect because you are using Windows Firewall with Advanced Security snap- Print to Windows Server 2008 computer to adjust what it provides on standard Windows Firewall. In addition, an exception will be used to allow traffic, if you block all incoming connections, other protocols will also be blocked and no traffic will be able to pass through the server. Answer C is incorrect because you want a rule for outgoing packets, not incoming packets because traffic from one server to another will be outgoing traffic.
5. Answer D is correct. You can open Windows Firewall, enable Block All Connections to disable all incoming connections. Domain profiles are used when a computer is connected to a network where this computer's domain account resides. Answer A is incorrect because the Server service will stop file and printer sharing. Net Logon service prevents logins but does not prevent all necessary connections. Question C is because disabling the firewall will allow all traffic to pass through it.
6. Answer D is correct. In order for changes to be common across the network when they appear and to reduce the administrative burden associated with upgrading routing tables, a routing protocol is required. Because OSPF cannot be used with unstable connections and OSPF is not available in Windows Server 2008, we must use RIPv2. Sentences A and C are wrong. Answer B is also wrong because ICMP is not a routing protocol.
7. Answer B is correct. You need to use the context menu of the Routing Interface Protocol (RIP) button to add an interface to the RIP. When adding a routing protocol, the protocol will not be configured by default to use the interface, so you must recognize that interface and other interfaces, such as a LAN connection where the protocol can use. Answer A is incorrect because the script does not indicate that there is a DHCP server on the network. Answer C is incorrect because routing tables are built automatically. Answer D is incorrect because there is no need to remove static routes from the routing table.
8. Answer A is correct. The correct answer is to enable split-horizon processing. You must select this option to ensure that any route known from a network is not sent as a RIP notification to the network. When this option is enabled, a router cannot advertise a route on the same connection it already knows. Sentences B, C and D do not help eliminate routing loops.
9. Answer B is correct. You must change the user account name on each router to correspond to the name assigned to the demand-dial interface on the answering router. For a two-way demand-dial connection to work, the user account used for authentication must be the same as the name assigned to the demand-dial interface. The name of the demand-dial interface of the branch office router must be changed to SRV02. The name of the demand-dial interface in the main office router must be changed to SRV01. Answer D is incorrect because the user accounts used for remote authentication between demand-dial routers do not need to be the same. Questions A and C are incorrect because the demand-dial interface name on the calling router must be the same as the user account name on the calling router.
10. Answer A is correct. You need to forward port 20 and 21 to FS1. Ports 20 and 21 are the ports used by FTP. Answer B is incorrect because port 80 and 443 are used by web server. Answer C is incorrect because port 25 is used for SMTP. Answer D is incorrect because port 3389 is used by Remote Desktop Protocol.
11. Answer B is correct. By default, the firewall is launched and Teredo is locked. Answer A is wrong because you already have NAT. Answer C is wrong because there are many routes between branches. Answer D is wrong because the Teredo emulator is not.