Your network contains an Active Directory domain named contoso.com. The domain contains a member server
named HVServer1. HVServer1 runs Windows Server 2012and has the Hyper-V server role installed.
HVServer1 hosts 10 virtual machines. All of the virtual machines connect to a virtual switch named Switch1.
Switch1 is configured as a private network. All of the virtual machines have the DHCP guard and the router
guard settings enabled.
You install the DHCP server role on a virtual machine named Server 1. You authorize Server1 as a DHCP
server in contoso.com. You create an IP scope.
You discover that the virtual machines connected toSwitch1 do not receive IP settings from Server1.
You need to ensure that the virtual machines can use Server1 as a DHCP server.
What should you do?
A.
Enable MAC address spoofing on Server1.
B.
Disable the DHCP guard on all of the virtual machines that are DHCP clients.
C.
Disable the DHCP guard on Server1.
D.
Enable single-root I/O virtualization (SR-IOV) onServer1.
Explanation:
SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualization stack.
Becausethe VF is assigned to a child partition, thenetwork traffic flows directly between the VF and child
partition. As aresult, the I/O overhead in the software emulation layer is diminished and achieves network
performance that isnearly the same performance as in nonvirtualized environments.
That’s C!
D is correct. C won’t work since it’s a private network.
You install the DHCP server role on a virtual machine named Server 1.
I think that is the line which makes me believe the answer is dhcp guard. server 1 is a virtual machine
I think the correct answer is D, because the DHCP Server is already authorized and may not conflict with dhcp guard which blocks only the unauthorized dhcp server.. right?
I understand that A, B and C not be an correct answer.
But I do not understand why D is…
I think this is C. All on the VMs are connected to the same “private” virtual switch, including the new DHCP server VM, Server1. The other VMs are not getting a DHCP address from another VM connected to the same virtual switch. If you disable DHCP guard on the Server1 VM then the other VMs would be able to get DHCP addresses from Server1.
Of course that scenario would never happen as the entire contoso.com domain would have to exists as VMs connected to the same “Private” virtual switch. This would mean the Hyper-V host, which is mentioned to be a domain member server, would never be able to contact a Domain Controller which must be a VM as well since the DHCP server was able to be authorized.
This is a poorly designed question. The scenario would work fine if the virtual switch was “Internal” instead of “Private”. I’ll still be answering with C as I think the intent of the question is to understand DHCP Guard.
Looks like the answer is C.
http://baudlabs.com/beware-of-the-dhcp-guard-setting-on-hyper-v-virtual-machines/
I think it’s D because is not A,B or C
DHCP Guard : This setting stops the virtual machine from making DHCP offers over this network interface. To be clear – this does not affect the ability to receive a DHCP offer (i.e. if you need to use DHCP to acquire an IP address that will work) it only blocks the ability for the virtual machine to act as a DHCP server.
source: http://blogs.msdn.com/b/virtual_pc_guy/archive/2014/03/24/hyper-v-networking-dhcp-guard.aspx
Based on your description the answer is C not D
The right answer is C.
Authorizing the DHCP server in the AD does not configure Hyper-V to allow DHCP answers to leave the virtual machine.
That’s why you also have to configure that.
I think both links from TryingToPass and David clarify the situation (although I dont know, why David then still sticks to the wrong answer, despite posting the right link).
In Davids MSDN blog it clearly states that DHCP Guard prevents the VM from acting as a DHCP Server.
So answer is very clearly C.
it’s C, but still it’s a very bad question.
The “trick” part is the authorization. But the vm’s are on a private network so the domain of the hyper-v host and the vm’s can’t be the same (although the names could be) Authorizing in contoso domain of the hyper-v host would therefor be impossible as there’s no connection. So either the DHCP server isn’t authorized or done by the a dc within the private network. Both leading to the hyper-v host seeing the dhcpserver as unauthorized.
Doh is right, the answer is C
The key is that “You install the DHCP server role on a virtual machine named Server 1”. The fact that the VMs are on a private network would lead you to think the answer is SR-IOV but “Server 1” is a VM on the Private network…Server 1 is essentially being set up for as the DHCP server for the private network for the VMs. DHCP Guard is preventing Server 1 from handing out IP address.
DHCPGuard allows you to specify whether DHCP server messages coming from a VM should be dropped. For VMs that are running an authorized instance of the DHCP server role, you can turn DHCPGuard off by using the following cmdlet:
Set-VMNetworkAdapter – VMName MyDhcpServer1 – DhcpGuard Off
For all other VMs that are not authorized DHCP servers, you can prevent them from becoming a rogue DHCP server by turning DHCPGuard on. So best answer is C.
DHCP guard is a new property in Server 2012 Hyper-V that you can configure for each network adapter in a virtual machine (VM). When DHCP guard is enabled, it prevents a VM from acting as a DHCP server. So C is right
C is correct.
Like this question:
https://www.aiotestking.com/microsoft/you-need-to-ensure-that-the-virtual-machines-can-use-server1-as-a-dhcp-server-2/#comment-1350121