Your network contains a server named Server1 that runs Windows Server 2012. Server1
has the DHCP Server server role installed. The network contains a Virtual Desktop
Infrastructure (VDI).
All virtual machines run Windows 8.
You identify the following requirements for allocating IPv4 addresses to client computers:
All virtual desktops must have static IP addresses.
All laptop computers must receive dynamic IP addresses.
All virtual desktops must be prevented from obtaining dynamic address.
You need to recommend a DHCP solution that meets the requirements for allocating IPv4
addresses.
The solution must use the least amount of administrative effort.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A.
Configure DHCP filtering.
B.
Configure DHCP policies.
C.
Create two physical subnets. Connect the laptop computers to the subnet that contains
Server1.
D.
Create two physical subnets. Configure 802.1 X authentication for each subnet.
I’m confused. Why DHCP filtering and not a DHCP Policy?. For me a better answer is B.
using policies you can set up DHCP options for clients based on the MAC addresses dedicated to VDI, for MS standard range is 00:1D:D8:B7:1C:00 – 00:1D:D8:F4:1F:FF, for VMware range is 00:50:56:00:00:00 – 00:50:56:3F:FF:FF. But you cannot prevent from fetching parameters from DHCP. When VDI is setup to get parameters from DHCP it will fetch it.
DHCP deny filter prevents respond to clients using defined MAC address pattern.
Answer should be A.
Still think the correct answer: B
The DHCP Server role in Windows Server 2012 introduces a new feature that allows you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions.
The policy based assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.
Example: In a subnet which has a mix of wired and mobile computers, you might want to assign a shorter, 4 hour lease duration to mobile computers and longer, 4 day lease duration to wired computers.
Incorrect:
not A: DHCP filtering provides security by filtering untrusted DHCP messages. An untrusted message is a message that is received from outside the network or firewall, and that can cause traffic attacks within network.
>not A: DHCP filtering provides security by filtering untrusted DHCP messages. An untrusted message is a message that is received from outside the network or firewall, and that can cause traffic attacks within network.
You are quoting from a guide for Oracle products:
https://docs.oracle.com/cd/E19859-01/820-3252-11/FP44ucgDHCPFiltering.html
Wojtek is right.
He is quoting from the Premium dump, which is probably quoting (read: copy-pasting) from the first link that comes up in google.
Premium dumps are almost less trustworthy than user-created dumps.
Given answer is correct:
http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-server-administration-using-dhcp-policies-in-windows-server-2012.aspx – DHCP Policies
http://blogs.technet.com/b/teamdhcp/archive/2012/09/15/scope-level-link-layer-filtering-using-dhcp-policies-in-windows-server-2012.aspx – DHCP filtering.
As Wojtek said… DHCP Policies satisfies most of the criteria, but it doesn’t satisfy the DENY criteria. That is only achieved with Filtering.
Doesnt this technet article prove you wrong? It provides instructions on how to set up deny criteria through a DHCP policy. https://technet.microsoft.com/en-us/library/dn425040.aspx
Ok,
I spend alot of time on this question and I believe the answer is B
It can be done with both.
But I will explain:
with policies you can use wildcards and define ranges/vendor. You just make the range as you want it to be.
With the filter you can not use wildcards and when you enable Allow for example everything else will be blocked and reversed.
Also when using the filter you need to update it manually constantly.
Both are possible but the question states:
“More than one answer choice may achieve the goal. Select the BEST answer.”
The best answer will be B because you configure it and you are done with it.
DHCP filter as only Allow and Deny functions with the MAC Address or MAC address groups. But with DHCP policy you can set the other configurations like Vendor class, user policy and etc. Without class you will not be able to know which is desktop and which is laptop computer and you can choose the condition such as given IP address. And you can forward the computers to any IP network you want. In my company I created policy and for mobile phones I give another DHCP but for client computers which OS is Windows forwarded to another DHCP. Buy this way it’s possible to block also.
And the correct answer is B. Configure DHCP Policies
agree.
Given answer is correct:
As least amount of administrative effort