Microsoft Certification 70-642

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Rayandlisaj
R
Rayandlisaj
Community Contributor
Quizzes Created: 5 | Total Attempts: 2,400
Questions: 62 | Attempts: 793

SettingsSettingsSettings
Microsoft Certification Quizzes & Trivia

70-642 Configuring Windows Server 2008 Network Infrastructure


Questions and Answers
  • 1. 

     A user in your organization complains that she cannot connect to any network resources. You run the Ipconfig command on her computer and find that the address assigned to the Local Area Connection is 169.254.232.21.  Which of the following commands should you type first? Ch1 L1

    • A.

      Ipconfig /renew

    • B.

      Ping 169.254.232.21

    • C.

      Tracert 169.254.232.21

    • D.

      Arp -a

    Correct Answer
    A. Ipconfig /renew
    Explanation
    A. Correct: The address shown is an APIPA address, which is assigned automatically to a DHCP client if a DHCP server cannot be found. An APIPA address usually results in a loss of connectivity to network resources. To fix the problem, you should first attempt to obtain a new address from a DHCP server. To do that, use the Ipconfig /renew command.
    B. Incorrect: This command will merely verify that you can connect to your own address. It will not help establish network connectivity.
    C. Incorrect: This command will merely verify that you can trace a path to your own address. It will not help establish network connectivity.
    D. Incorrect: This command displays the list of IP address-to-MAC address mappings stored on the computer. It will not fix any problems in network connectivity.

    Rate this question:

  • 2. 

    Which of the following address types is best suited for a DNS server? Ch1 L1

    • A.

      DHCP-assigned address

    • B.

      APIPA address

    • C.

      Alternate configuration address

    • D.

      Manual address

    Correct Answer
    D. Manual address
    Explanation
    A. Incorrect: You should not configure a DNS server as a DHCP client. A DNS server needs the most stable address available, which is a manually configured static address.
    B. Incorrect: An APIPA address is an address that signifies a network problem. It is not a stable address and should not be assigned to a server.
    C. Incorrect: An alternate configuration is not a stable address because it can be replaced by a DHCP-assigned address. You should assign the most stable address
    type—a static address—to a DNS server.
    D. Correct: The addresses of infrastructure servers such as DHCP and DNS servers should never change. Therefore, these server types should be

    Rate this question:

  • 3. 

    How many computers can you host in an IPv4 network whose address is 172.16.0.0/22? Ch1 L2  

    • A.

      512

    • B.

      1024

    • C.

      510

    • D.

      1022

    Correct Answer
    D. 1022
    Explanation
    A. Incorrect: A /23 network can support 512 addresses but only 510 devices.
    B. Incorrect: A /22 network can support 1024 addresses but only 1022 devices.
    C. Incorrect: A /23 network can support 510 devices, but a /22 network can support more.
    D. Correct: A /22 network can support 1024 addresses but only 1022 devices because two addresses in every block are reserved for network communications.

    Rate this question:

  • 4. 

    You work as a network administrator for a research lab in a large company. The research lab includes six computers for which central computing services has allocated the address space 172.16.1.0/29. You now plan to add 10 new computers to the research network. Company policy states that each network is granted address space only accordingto its needs. What should you do? Ch1 L2

    • A.

      Ask to expand the network to a /28 address block.

    • B.

      Ask to expand the network to a /27 address block.

    • C.

      Ask to expand the network to a /26 address block.

    • D.

      You do not need to expand the network because a /29 network is large enough to support your needs.

    Correct Answer
    B. Ask to expand the network to a /27 address block.
    Explanation
    A. Incorrect: A /28 network supports 16 addresses and 14 computers. You need to support 18 addresses and 16 computers.
    B. Correct: You need to support 18 addresses and 16 computers. A /27 network supports 32 addresses and 30 computers. This is the smallest option that provides you
    with the address space you need.
    C. Incorrect: A /26 network supports 64 addresses and 62 computers. This is larger than you need, so it would violate company policy.
    D. Incorrect: The current /29 network supports eight addresses and six computers. It cannot support the 16 computers you need.

    Rate this question:

  • 5. 

    You want an IPv6 address for a server that you want to connect to the IPv6 Internet. What type of IPv6 address do you need? Ch1 L3

    • A.

      A global address

    • B.

      A link-local address

    • C.

      A unique local address

    • D.

      A site-local address

    Correct Answer
    A. A global address
    Explanation
    A. Correct: Global addresses are routable addresses that can communicate directly with IPv6-only hosts on public networks. This is the kind of address you need if you want a static IPv6 address to which other computers can connect from across the IPv6 Internet.
    B. Incorrect: A link-local address is not routable and cannot be used on a public network.
    C. Incorrect: A unique-local address is routable but cannot be used on a public network.
    D. Incorrect: A site-local address is a version of a unique local address, but these address types

    Rate this question:

  • 6. 

    You want to create a test IPv6 network in your organization. You want the test network to include three subnets.  What type of IPv6 addresses do you need? Ch1 L3

    • A.

      Global addresses

    • B.

      Link-local addresses

    • C.

      Unique local addresses

    • D.

      Site-local addresses

    Correct Answer
    D. Site-local addresses
    Explanation
    A. Incorrect: You would need global addresses only if you wanted your network to connect to the public IPv6 network.
    B. Incorrect: Link-local addresses are not routable so they would not allow your subnets to intercommunicate.
    C. Correct: Unique local addresses resemble private address ranges in IPv4. They are used for private routing within organizations.
    D. Incorrect: Site-local addresses were once defined as a way to provide routing within a private network, but this address type has been deprecated.

    Rate this question:

  • 7. 

    After the address of a certain client computer is updated, you notice that a local DNS server is resolving the name of the computer incorrectly from cached information. How can you best resolve this problem? CH2 L1

    • A.

      At the DNS server, type the command dnscmd /clearcache.

    • B.

      Restart the DNS Client service on the client computer.

    • C.

      At the client computer, type ipconfig /flushdns.

    • D.

      Restart all DNS client computers.

    Correct Answer
    A. At the DNS server, type the command dnscmd /clearcache.
    Explanation
    A. Correct: This command flushes the DNS server cache. If you know that a DNS server is responding to queries with outdated cache data, it’s best to clear the server cache. This way, the next time the DNS server receives a query for the name, it will attempt to resolve that name by querying other computers.
    B. Incorrect: Restarting the DNS Client service will flush the DNS client cache on the computer in question. It won’t affect the way the DNS server responds to the query for that computer’s name.
    C. Incorrect: Typing ipconfig /flushdns simply clears the DNS client cache. It won’t affect the way the DNS server responds to the query for that computer’s name.
    D. Incorrect: Restarting all client computers will not fix the problem. It merely has the effect of clearing the DNS client cache on all computers. This could fix problems related to outdated client cache data, but it will not fix the problem on the DNS server itself.

    Rate this question:

  • 8. 

    You are working on a Windows Server 2008 computer named WS08A. You cannot connect to computers running Windows XP on the local network by specifying them by name in a UNC path such as \\computer1. What can you do to enable your computer to connect to these computers by specifying them in a UNC? CH2 L1

    • A.

      Enable IPv6 on WS08A.

    • B.

      Disable IPv6 on WS08A.

    • C.

      Enable Local Link Multicast Name Resolution (LLMNR) on WS08A.

    • D.

      Enable NetBIOS on WS08A.

    Correct Answer
    D. Enable NetBIOS on WS08A.
    Explanation
    A. Incorrect: When you enable IPv6 on a computer running Windows Server 2008, no extra functionality is enabled in connections to a computer running Windows XP.
    B. Incorrect: IPv6 never blocks network functionality, so disabling it would never enable a feature like connectivity through a UNC.
    C. Incorrect: Enabling LLMNR on WS08A could enable UNC connectivity to another computer running Windows Server 2008 or Windows Vista, but it would not enable UNC connectivity to a computer running Windows XP.
    D. Correct: If NetBIOS were disabled, it would block UNC connectivity to a computer running Windows XP.

    Rate this question:

  • 9. 

    After the address of a certain client computer is updated, you notice that a local DNS server is resolving the name of the computer incorrectly from cached information. How can you best resolve this problem? CH2 L2

    • A.

      At the DNS server, type the command dnscmd /clearcache

    • B.

      Restart the DNS Client service on the client computer.

    • C.

      At the client computer, type ipconfig /flushdns.

    • D.

      Restart all DNS client computers.

    Correct Answer
    A. At the DNS server, type the command dnscmd /clearcache
    Explanation
    A. Correct: The file Cache.dns, located in the %systemroot%\system32\dns\ folder, contains the list of the root DNS servers that the local DNS server will query if it
    cannot itself answer a query. By default, this file contains the list of Internet root servers, but you can replace it with the list of your company root servers.
    B. Incorrect: A HOSTS file specifies a list of resolved names that are preloaded into the DNS client cache. It does not specify root servers.
    C. Incorrect: The Lmhosts file is used to resolve NetBIOS names. It does not specify DNS root servers.
    D. Incorrect: Specifying a forwarder is not the same as specifying root servers. If the connection to a forwarder fails, a DNS server will query its root servers.

    Rate this question:

  • 10. 

    You are working on a Windows Server 2008 computer named WS08A. You cannot connect to computers running Windows XP on the local network by specifying them by name in a UNC path such as \\computer1. What can you do to enable your computer to connect to these computers by specifying them in a UNC? CH2 L2

    • A.

      Enable IPv6 on WS08A.

    • B.

      Disable IPv6 on WS08A.

    • C.

      Enable Local Link Multicast Name Resolution (LLMNR) on WS08A.

    • D.

      Enable NetBIOS on WS08A.

    Correct Answer
    C. Enable Local Link Multicast Name Resolution (LLMNR) on WS08A.
    Explanation
    A. Incorrect: This option does not provide a way to resolve Internet names. It also does not provide a way for the New York DNS servers to resolve the names in the Sacramento office.
    B. Incorrect: This option does not provide a way for computers in each office to resolve names of the computers in the other office.
    C. Correct: This is the only solution that enables the DNS servers to effectively resolve names in the local domain, in the remote domain, and on the Internet.
    D. Incorrect: This option does not provide an effective way for computers to resolve Internet names.

    Rate this question:

  • 11. 

    After the address of a certain client computer is updated, you notice that a local DNS server is resolving the name of the computer incorrectly from cached information. How can you best resolve this problem? CH2 L3

    • A.

      At the DNS server, type the command dnscmd /clearcache.

    • B.

      Restart the DNS Client service on the client computer.

    • C.

      At the client computer, type ipconfig /flushdns.

    • D.

      Restart all DNS client computers.

    Correct Answer
    B. Restart the DNS Client service on the client computer.
    Explanation
    A. Incorrect: Configuring conditional forwarding would allow computers in one domain to resolve names in the other domain. However, the question states that this functionality is already being achieved. Conditional forwarding by itself would not enable clients to connect to resources by using a single-tag name.
    B. Correct: If you specify west.cpandl.com on the DNS suffix search list, that suffix will be appended to a DNS query. This option would enable a user to submit a singletag
    name query in a UNC path and have the client automatically append the name of the west.cpandl.com domain.
    C. Incorrect: This option merely ensures that the client’s own name is registered in DNS. It does not enable a user to connect to resources in the remote domain.
    D. Incorrect: By default, the client will append a single-tag name query with the client’s own domain name. If that query fails, the client will append the single-tag name query with the parent domain name. Neither of these options would enable the query for a computer in the remote domain to be resolved properly.

    Rate this question:

  • 12. 

    You are working on a Windows Server 2008 computer named WS08A. You cannot connect to computers running Windows XP on the local network by specifying them by name in a UNC path such as \\computer1. What can you do to enable your computer to connect to these computers by specifying them in a UNC? CH2 L3

    • A.

      Enable IPv6 on WS08A.

    • B.

      Disable IPv6 on WS08A.

    • C.

      Enable Local Link Multicast Name Resolution (LLMNR) on WS08A.

    • D.

      Enable NetBIOS on WS08A.

    Correct Answer
    D. Enable NetBIOS on WS08A.
    Explanation
    A. Incorrect: Merely configuring a connection-specific suffix does not enable a computer to register with DNS if all the other settings are left at the default values.
    B. Incorrect: Enabling this option registers a connection-specific suffix only if one is configured. If the other settings are left at the default values for a non-DHCP client, this setting would have no effect.
    C. Incorrect: This option is already enabled if the DNS client settings are left at the default values.
    D. Correct: This answer choice provides the only solution that is not a default value and that, when configured, enables a DNS client to register its static address with a DNS server.

    Rate this question:

  • 13. 

    You want to prevent a certain host (A) record from being scavenged. The record belongs to a portable computer named LaptopA that connects to the network only infrequently. LaptopA obtains its address from a DHCP server on the network. Which of the following steps would best enable you to achieve this goal? CH3L1

    • A.

      Disable scavenging on the zone in which the record has been created.

    • B.

      Disable scavenging on the server with which the computer registers its record.

    • C.

      Assign the computer a static address.

    • D.

      Create a record for LaptopA manually.

    Correct Answer
    D. Create a record for LaptopA manually.
    Explanation
    A. Incorrect: If you disable scavenging on the zone, it will affect all records. You want to prevent a single record from being scavenged.
    B. Incorrect: If you disable scavenging on the server, it will prevent all records on the server from being scavenged. You want to prevent only a single record from being scavenged.
    C. Incorrect: Computers with a static address register their addresses in the same way that the DHCP clients do.
    D. Correct: Manually created records are never scavenged. If you need to prevent a certain record from being scavenged in a zone, the best way to achieve that is to
    delete the original record and re-create it manually.

    Rate this question:

  • 14. 

    You are a network administrator for a company named Fabrikam, Inc. The DNS server for the network is located on a member server named Dns1 in the Fabrikam.com Active Directory domain. Dns1 provides name resolution for the Fabrikam.com domain only. Occasionally, you see DNS records for unauthorized computers in the Fabrikam.comzone. These computers do not have accounts in the Fabrikam.com Active Directory domain. What steps should you take to prevent unauthorized computers from registering host records with the DNS server? (Choose three. Each answer represents part of the solution.) CH3L1

    • A.

      Re-create the zone on a domain controller.

    • B.

      Choose the option to store the zone in Active Directory.

    • C.

      Clear the option to store the zone in Active Directory.

    • D.

      Configure the zone not to accept dynamic updates.

    • E.

      Configure the zone to accept secure updates only.

    Correct Answer(s)
    A. Re-create the zone on a domain controller.
    B. Choose the option to store the zone in Active Directory.
    E. Configure the zone to accept secure updates only.
    Explanation
    A. Correct: To prevent computers outside of the Active Directory domain from registering with a DNS server, you need to configure the zone to accept secure dynamic
    updates only. You can configure a zone to accept secure dynamic updates only if you store it in Active Directory. You can store a zone in Active Directory only if you create the zone on a domain controller.
    B. Correct: To prevent computers outside of the Active Directory domain from registering with a DNS server, you need to configure the zone to accept secure dynamic
    updates only. This option is available only if you store the DNS zone in Active Directory, and this last option is available only if you create the zone on a domain controller.
    C. Incorrect: If you don’t store the zone in Active Directory, you won’t be able to require secure updates for the zone.
    D. Incorrect: If you disable dynamic updates for the zone, no computers will be able to register and you will have to create and update every record manually. This is not the best way to solve this problem because it creates too much administrative overhead.
    E. Correct: To prevent computers outside of the Active Directory domain from registering with a DNS server, you need to configure the zone to accept secure dynamic
    updates only. This option is available only if you store the DNS zone in Active Directory, and this last option is available only if you create the zone on a domain controller.

    Rate this question:

  • 15. 

    You are a network administrator for a large company named Northwind Traders that has many branch offices worldwide. You work at the New York office, which has its own Active Directory domain, ny.us.nwtraders.msft. Recently you have noticed that when users in the New York office want to connect to resources located in the  uk.eu.nwtraders.msft domain, name resolution for computernames in the remote domain is very slow. You want to improve name resolution response times for names within uk.eu.nwtraders.msft domain by keeping an updated list of remote name servers authoritative for that domain name. You also want to minimize zone transfer traffic. What should you do?CH3L2

    • A.

      Create a stub zone of the uk.eu.nwtraders.msft domain on the DNS servers at the New York office.

    • B.

      Configure conditional forwarding so that queries for names within the uk.eu.nwtraders.msft domain are automatically forwarded to the name servers in that domain.

    • C.

      Create a secondary zone of the uk.eu.nwtraders.msft domain on the DNS servers at the New York office.

    • D.

      Perform a delegation of the uk.edu.nwtraders.msft domain on the DNS servers at the New York office.

    Correct Answer
    A. Create a stub zone of the uk.eu.nwtraders.msft domain on the DNS servers at the New York office.
    Explanation
    A. Correct: This is the only solution that will improve name resolution response times, keep an updated list of remote name servers, and minimize zone transfer traffic.
    B. Incorrect: Conditional forwarding would improve name resolution response times and minimize zone transfer traffic, but it would not allow you to keep an updated list of remote name servers.
    C. Incorrect: A secondary zone would improve name resolution response times and allow you to keep an updated list of remote name servers, but it would not minimize
    zone transfer traffic because the entire zone would need to be copied periodically from the remote office.
    D. Incorrect: You cannot perform a delegation in this case. You can perform a delegation only for a child domain in the DNS namespace. For example, a child domain of the ny.us.nwtraders.msft domain might be uptown.ny.us.nwtraders.msft.

    Rate this question:

  • 16. 

    You have recently migrated a DNS zone named Contoso.com to a domain controller running Windows Server 2008. You have selected the option to store the zone in Active Directory, but you find that the zone does not appear on a domain controller named DC2000 that is running Windows 2000 Server in the same domain. DC2000 is already configured with the DNS server component. You want the zone to appear on all domain controllers in the Contoso.com domain. What should you do? CH3L2

    • A.

      Choose the option to store the zone in all DNS servers in the forest.

    • B.

      Choose the option to store the zone in all DNS servers in the domain.

    • C.

      Choose the option to store the zone in all domain controllers in the domain.

    • D.

      Create a new directory partition, and then choose the option to store the zone in the new partition.

    Correct Answer
    C. Choose the option to store the zone in all domain controllers in the domain.
    Explanation
    A. Incorrect: When you choose this option, computers running Windows 2000 Server cannot see the ForestDnsZones partition in which zone data is stored.
    B. Incorrect: When you choose this option, computers running Windows 2000 Server cannot see the DomainDnsZones partition in which zone data is stored.
    C. Correct: When you choose this option, zone data is stored in the domain partition, which is visible to computers running Windows 2000 Server.
    D. Incorrect: Computers running Windows 2000 Server would not be able to see any new application directory partitions that you create, so creating one and choosing
    the associated option would not resolve the problem.

    Rate this question:

  • 17. 

    After you deploy a DHCP server for the 192.168.1.0/24 subnet, you find that none of the DHCP clients can communicate beyond the local subnet when they specify the IP address of a computer on the company network. Statically assigned computers can successfully communicate beyond the local subnet. How can you configure the DHCP server to enable DHCP clients to communicate beyond the local subnet? CH4L1

    • A.

      Configure the 003 Router option.

    • B.

      Configure the 006 DNS Servers option.

    • C.

      Configure the 015 Domain Name option.

    • D.

      Configure the 044 WINS/NBNS Servers option.

    Correct Answer
    A. Configure the 003 Router option.
    Explanation
    A. Correct: If computers cannot communicate beyond the local subnet even when you specify an IP address, the problem is most likely that the computers do not have a default gateway specified. To assign a default gateway address to DHCP clients, configure the 003 Router option.
    B. Incorrect: If the DHCP clients needed to have a DNS server assigned to them, they would be able to connect to computers when specified by address but not by name.
    C. Incorrect: The 015 Domain Name option provides DHCP clients with a connection- specific DNS suffix assigned to them. If clients needed such a suffix, the problem
    reported would be that clients could not connect to servers when users specified a single-label computer name such as “Server1” (instead of a fully qualified domain name [FQDN] such as “Server1.contoso.com”).
    D. Incorrect: The 044 WINS/NBNS Server option configures DHCP clients with the address of a WINS server. A WINS server would not enable you to connect to computers
    on remote subnets when you specify those computers by address.

    Rate this question:

  • 18. 

    You want to deploy a DHCP server on a computer named Dhcp1.nwtraders.msft. To this server you have configured a static address of 10.10.0.5/24 and assigned a DNS server address of 10.10.1.1. On Dhcp1 you configure a scope within the range 10.10.1.0/24. You then activate the scope and authorize the server, but the server does not successfully lease any addresses to computers on the local subnet. When you verify the addresses of the clients on the subnet, you find that they are all assigned addresses in the169.254.0.0/16 range. You want the DHCP server to lease addresses to client computers on the local subnet only. Which of the following actions will most likely fix the problem? CH4L1

    • A.

      Configure the clients as DHCP clients.

    • B.

      Enable the DHCP client service on Dhcp1.

    • C.

      Change the address of Dhcp1 and redeploy the DHCP server.

    • D.

      Run the command Ipconfig /registerdns on Dhcp1.

    Correct Answer
    C. Change the address of Dhcp1 and redeploy the DHCP server.
    Explanation
    A. Incorrect: We know that clients are already configured as DHCP clients because they have received addresses in the APIPA range of 169.254.0.0/16.
    B. Incorrect: Dhcp1 does not need to be running the DHCP client service because itis not acting as a DHCP client.
    C. Correct: If you want the DHCP server to assign addresses to computers on the local subnet, the server needs to be assigned an address that is also located on the same subnet. With its current configuration, the server is configured with an address in the 10.10.0.0/24 subnet but is attempting to lease addresses in the 10.10.1.0/24 range. To fix this problem, you can either change the address of the DHCP server or change the address range of the scope.
    D. Incorrect: This command would enable other computers to connect to Dhcp1 if a user specified Dhcp1 by name. However, the ability to connect to a DHCP server by
    specifying its name is not a requirement for DHCP to function correctly. DHCP exchanges do not rely on computer names.

    Rate this question:

  • 19. 

    You are deploying a DHCP server on your network to supply addresses in the 192.168.1.0/24 range. You have 200 DHCP client computers on the local subnet. The subnet includes a DNS server on the network with a statically assigned address of 192.168.1.100. How can you create a scope on the DHCP server that does not conflict with the existing DNS server address? CH4L2

    • A.

      Use the 006 DNS Servers option to assign to clients the address of the DNS server.

    • B.

      Create a reservation that assigns the address 192.168.1.100 to the DNS server.

    • C.

      Configure two address ranges in the DHCP scope that avoids the address 192.168.1.100.

    • D.

      Create an exclusion for the address 192.168.1.100.

    Correct Answer
    D. Create an exclusion for the address 192.168.1.100.
    Explanation
    A. Incorrect: Configuring a scope option that assigns clients the DNS server address does nothing to prevent the potential conflict of the scope leasing out the same
    address owned by the DNS server.
    B. Incorrect: It is not recommended to assign reservations to infrastructure servers such as DNS servers. DNS servers should be assigned static addresses.
    C. Incorrect: You can configure only one contiguous address range per scope.
    D. Correct: Creating an exclusion for the DNS server address is the simplest way to solve the problem. When you configure the exclusion, the DHCP server will not lease the address and the DNS server preserves its static conguration.

    Rate this question:

  • 20. 

    Which of the following commands should you run to install a DHCP server on a Server Core installation of Windows Server 2008? CH4L2

    • A.

      Sc config dhcpserver start= auto

    • B.

      Start /w ocsetup DHCPServer

    • C.

      Net start DHCPServer

    • D.

      Servermanagercmd -install dhcp

    Correct Answer
    B. Start /w ocsetup DHCPServer
    Explanation
    A. Incorrect: This command configures the DHCP Server service to start automatically when Windows starts.
    B. Correct: This is a command you can use on a Server Core installation of Windows Server 2008 to install the DHCP Server role.
    C. Incorrect: This command starts the DHCP Server service after it is already installed.
    D. Incorrect: You can use this command on a full installation of Windows Server 2008 to install the DHCP Server role. You cannot use this command on a Server
    Core installation.

    Rate this question:

  • 21. 

    Currently, client computers on the 192.168.1.0/24 subnet are configured with the default gateway 192.168.1.1. You connect a second router to both the 192.168.1.0/24subnet and the 192.168.2.0/24 subnet. You would like clients on the 192.168.1.0/24 subnet to connect to the 192.168.2.0/24 subnet using the new router, which has the IP address 192.168.1.2. What command should you run? CH5L1

    • A.

      Route add 192.168.2.0 MASK 255.255.255.0 192.168.1.1

    • B.

      Route add 192.168.2.0 MASK 255.255.255.0 192.168.1.2

    • C.

      Route add 192.168.1.2 MASK 255.255.255.0 192.168.2.0

    • D.

      Route add 192.168.1.1 MASK 255.255.255.0 192.168.2.0

    Correct Answer
    B. Route add 192.168.2.0 MASK 255.255.255.0 192.168.1.2
    Explanation
    A. Incorrect: This answer has the incorrect router. The router with the IP address 192.168.1.1 is currently the default gateway, so all traffic will be sent to that router
    anyway.
    B. Correct: When using the Route Add command, specify the destination network first and then the subnet mask. Finally, provide the router that will be used to access the remote network.
    C. Incorrect: In this answer the parameters are reversed—the destination network should be listed as the first parameter after Route Add.
    D. Incorrect: In this answer the parameters are reversed and the wrong router is listed.

    Rate this question:

  • 22. 

    You are experiencing intermittent connectivity problems accessing an internal Web site on a remote network. You would like to view a list of routers that packets travel throughbetween the client and the server. Which tools can you use? (Choose all that apply.) CH5L1

    • A.

      PathPing

    • B.

      Ping

    • C.

      Ipconfig

    • D.

      TraceRt

    Correct Answer(s)
    A. PathPing
    D. TraceRt
    Explanation
    A. Correct: PathPing uses ICMP to detect routers between your computer and a specified destination. Then PathPing computes the latency to each router in the path.
    B. Incorrect: Ping tests connectivity to a single destination. You cannot easily use Ping to determine the routers in a path.
    C. Incorrect: Although you can use Ipconfig to determine the default gateway, you cannot use it to determine all routers in a path.
    D. Correct: TraceRt provides very similar functionality to PathPing, using ICMP to contact every router between your computer and a specified destination. The key different between TraceRt and PathPing is that PathPing computes accurate performance statistics over a period of time, while TraceRt sends only three packets to each router in the path and displays the latency for each of those three packets.

    Rate this question:

  • 23. 

    6L1You configure a computer running Windows Server 2008 with two network interfaces. Each of the interfaces is connected to different subnets. One of those subnets has four other routers connected to it, and each router provides access to different subnets. You would like the computer running Windows Server 2008 to automatically identify therouters and determine which remote subnets are available using each router. What should you do? CH5L1

    • A.

      Enable NAT on the interface.

    • B.

      Enable OSPF on the interface.

    • C.

      Enable RIP on the interface.

    • D.

      Add a static route to the interface.

    Correct Answer
    C. Enable RIP on the interface.
    Explanation
    A. Incorrect: Network Address Translation (NAT) allows clients with private IP addresses to connect to computers on the public Internet. NAT does not automatically configure routing.
    B. Incorrect: Although OSPF is a routing protocol and would meet the requirements of this scenario, Windows Server 2008 does not support OSPF. Earlier versions of Windows do support OSPF.
    C. Correct: RIP is a routing protocol. Routing protocols allow routers to communicate a list of subnets that each router provides access to. If you enable RIP on a computer running Windows Server 2008, it can automatically identify neighboring routers and forward traffic to remote subnets.
    D. Incorrect: Although you could use static routes to reach remote subnets, the question requires you to configure Windows Server 2008 to automatically identify the
    remote networks.

    Rate this question:

  • 24. 

    You want to require network communications to be encrypted in the Nwtraders.com domain. What should you do?CH6L1

    • A.

      Use IPSec with Authentication Header (AH).

    • B.

      Use IPSec with Encapsulating Security Payload (ESP).

    • C.

      Use IPSec with both AH and ESP.

    • D.

      Use IPSec in tunnel mode.

    Correct Answer
    B. Use IPSec with Encapsulating Security Payload (ESP).
    Explanation
    A. Incorrect: AH provides data authentication but not data encryption.
    B. Correct: ESP is the protocol that provides encryption for IPsec.
    C. Incorrect: Using IPsec with both AH and ESP is not the best answer because only ESP is needed to encrypt data. Using AH with ESP increases the processing overhead
    unnecessarily.
    D. Incorrect: Tunnel mode is used to provide compatibility for some gateway-to-gateway VPN communications.

    Rate this question:

  • 25. 

    You want to enforce IPSec communications between the Nwtraders.com domain and the Contoso.com domain. Both domains belong to the same Active Directory forest. Whichauthentication method should you choose for IPSec? CH6L1

    • A.

      Kerberos

    • B.

      Certificates

    • C.

      Preshared key

    • D.

      NTLM

    Correct Answer
    A. Kerberos
    Explanation
    A. Correct: If both domains are in the same Active Directory forest, you can use the Kerberos protocol built into Active Directory to provide authentication for IPsec
    communication.
    B. Incorrect: You do not need to configure certificates for authentication. Active Directory already provides the Kerberos protocol that you can use with IPsec.
    C. Incorrect: You do not need to configure a preshared key as the authentication method. The Kerberos protocol is already available, and it is more secure than a preshared key.
    D. Incorrect: NTLM is a backup authentication method for Active Directory, but it is not a valid authentication method for IPsec

    Rate this question:

  • 26. 

    How does enabling ICS change the IP settings on a computer? (Choose all that apply.) CH7L1

    • A.

      The IP address of the internal network adapter is changed to 192.168.0.1.

    • B.

      The IP address of the external network adapter is changed to 192.168.0.1.

    • C.

      DHCP services are enabled on the internal network adapter.

    • D.

      DHCP services are enabled on the external network adapter.

    Correct Answer(s)
    A. The IP address of the internal network adapter is changed to 192.168.0.1.
    C. DHCP services are enabled on the internal network adapter.
    Explanation
    A. Correct: Enabling ICS changes the IP address of the internal network adapter to 192.168.0.1.
    B. Incorrect: Enabling ICS does not change the IP address of the external network adapter, which is typically a public IP address defined by your ISP.
    C. Correct: Enabling ICS automatically enables a DHCP server on your internal interface, so that clients on the internal network can receive the proper IP configuration.
    D. Incorrect: Enabling ICS enables a DHCP server on your internal interface, but not on your external interface.

    Rate this question:

  • 27. 

    Which of the following scenarios are not likely to work with NAT without additional configuration? CH7L1

    • A.

      Clients on the Internet accessing a Web server on the intranet using HTTP

    • B.

      Clients on the intranet downloading e-mail from an Exchange server on the Internet

    • C.

      Clients on the intranet streaming video using a TCP connection from a server on the Internet

    • D.

      Clients on the intranet accessing a Web server on the Internet using HTTPS

    Correct Answer
    A. Clients on the Internet accessing a Web server on the intranet using HTTP
    Explanation
    A. Correct: By default, NAT does not allow connections from the Internet to the intranet. You can support them, however, by configuring port forwarding on the NAT
    server. With port forwarding, the NAT device accepts the TCP connection and forwards it to a specific server on the intranet.
    B. Incorrect: NAT allows clients to establish TCP connections to servers on the Internet.
    C. Incorrect: Streaming video often uses User Datagram Protocol (UDP), which often fails when a NAT device is in use. However, streaming video connections that use TCP should always work. For that reason, most streaming media protocols support both UDP (for performance) and TCP (for compatibility with NAT).
    D. Incorrect: HTTPs functions exactly like any other TCP connection. Therefore, NAT clients do not have any problem establishing an HTTPS connection to a server on the Internet.

    Rate this question:

  • 28. 

    You are an administrator for a small business with a single server. All computers on the network need to share a single Internet connection. You configure a Windows Server 2008 computer with two network adapters. You connect one network adapter directly to the DSL modem provided by your ISP. You connect the second network adapter to a Layer 2-switch that all other computers are connected to. Then, you enable ICS on the Internet network adapter. What is the IP address of the internal network adapter? CH7L1

    • A.

      The public IP address provided by your ISP

    • B.

      The DNS server address provided by your ISP

    • C.

      192.168.0.1

    • D.

      192.168.0.0

    Correct Answer
    C. 192.168.0.1
    Explanation
    A. Incorrect: The Internet network adapter should have the IP address that was assigned by your ISP, not the internal network adapter.
    B. Incorrect: You should configure the ICS server to send queries to the DNS server and client computers to send DNS queries to the ICS server. However, you should not configure the internal network adapter with the DNS server’s IP address.
    C. Correct: ICS always assigns the IP address 192.168.0.1 to the internal network adapter.
    D. Incorrect: 192.168.0.0/24 is the internal network that ICS assigns to clients. 192.168.0.0 is not a valid IP address, however.

    Rate this question:

  • 29. 

    You are currently planning a wireless deployment for an enterprise organization. Based on the physical layout of your facilities, you determine that you need 12 wireless access points for adequate coverage. You want to provide the best wireless performance possible, but you need to support wireless clients that are compatible with only 802.11b.Which wireless protocol should you choose?CH7L2

    • A.

      802.11b

    • B.

      802.11g

    • C.

      802.11a

    • D.

      802.11n

    Correct Answer
    D. 802.11n
    Explanation
    A. Incorrect: 802.11b is one of the original wireless standards, and newer standards, including both 802.11g and 802.11n, provide much better performance with
    backward-compatibility.
    B. Incorrect: 802.11g provides better performance than 802.11b and is backwardcompatible. However, 802.11n provides even better performance than 802.11g.
    C. Incorrect: 802.11a uses a different frequency from 802.11b and thus would not provide compatibility with your 802.11b clients.
    D. Correct: 802.11n provides the highest performance of the wireless protocols listed, and it is capable of providing backward compatibility with 802.11b clients.

    Rate this question:

  • 30. 

    You are a systems administrator at an enterprise help desk. A user calls to complain that she is unable to connect to the wireless network. After discussing her problem, you discover that the wireless access point is rejecting her credentials. You examine the wireless access point configuration and determine that it is submitting authentication requests to a RADIUS service running on a Windows Server 2008 computer. How can you determine the exact cause of the authentication failures?CH7L2

    • A.

      Examine the Security event log on the wireless client.

    • B.

      Examine the System event log on the wireless client.

    • C.

      Examine the Security event log on the computer running Windows Server 2008.

    • D.

      Examine the System event log on the computer running Windows Server 2008.

    Correct Answer
    C. Examine the Security event log on the computer running Windows Server 2008.
    Explanation
    A. Incorrect: The wireless client cannot log detailed information about authentication failures because RADIUS does not provide detailed information about why credentials were rejected. Instead, you should examine the Security event log on the RADIUS server.
    B. Incorrect: Same as answer A.
    C. Correct: The Windows Server 2008 RADIUS service adds events to the local Security event log. These events have information useful for identifying the cause of the
    problem, such as the user name submitted.
    D. Incorrect: The Windows Server 2008 RADIUS service adds events to the local Security event log, not to the System event log.

    Rate this question:

  • 31. 

    To improve productivity for employees during meetings, your organization has decided to provide authentication and encrypted wireless network access throughout your facilities. The organization is not willing to sacrifice security, however, and requires the most secure authentication mechanisms available. You have recently upgraded all client computers to either Windows XP (with the latest service pack) or Windows Vista. Which wireless security standard should you use?CH7L2

    • A.

      128-bit WEP

    • B.

      WPA-PSK

    • C.

      64-bit WEP

    • D.

      WPA-EAP

    Correct Answer
    D. WPA-EAP
    Explanation
    A. Incorrect: 128-bit WEP provides much better security than 64-bit WEP. However, 128-bit WEP is still considered extremely unsecure because it uses static keys and can be cracked in a relatively short time.
    B. Incorrect: WPA-PSK uses static keys, making it vulnerable to brute force attacks. WPA-PSK should be used only for testing.
    C. Incorrect: 64-bit WEP is the original wireless security standard, and it is now considered outdated. 64-bit WEP uses small, static keys and contains several cryptographic
    weaknesses that allow it to be cracked in a short time.
    D. Correct: WPA-EAP (and WPA2-EAP) provide the highest level of security by authenticating users to a central RADIUS server, such as a server running Windows Server 2008. As of the time of this writing, breaking WPA-EAP security using brute force techniques would be much more difficult than any other wireless security standard.

    Rate this question:

  • 32. 

    You are a systems engineer for a paper sales company. Frequently, your sales staff travels overnight and needs to connect to resources on your protected intranet. After discussions with some of the sales staff, you discover that they frequently use their mobile computers to connect to the Internet using wireless networks. At other times, hotels offer Ethernet connections with Internet access. Frequently, however, they have access only to a phone line that they can use to establish a dial-up connection. At any given time, 100 salespeople might need to connect, and at most 30 would need dial-up connections. Your organization is near the end of its fiscal year, and capital budget is tight. Therefore, you need to minimize up-front costs. What is the best way to configure remote access for the sales staff while using existing Active Directory user credentials? (Choose all that apply.)CH7L3

    • A.

      Connect a Windows Server 2008 computer to both the public Internet and your intranet. Then, configure it to accept incoming VPN connections.

    • B.

      Connect a Windows Server 2008 computer to the public Internet. Then, configure it as a RADIUS server. Configure the client computers to submit RADIUS authentication requests to the server when they connect to remote networks.

    • C.

      Configure a Windows Server 2008 computer to accept dial-up connections. Lease a circuit from your local telecommunications provider for 30 PSTN connections. Purchase a modem bank capable of accepting 30 simultaneous connections and connect it to the Windows Server 2008 computer.

    • D.

      Establish an agreement with an ISP to provide dial-up access to your users. Then, configure a Windows Server 2008 computer as a RADIUS server. Have the ISP configure its modem bank to submit authentication requests to the RADIUS server.

    Correct Answer(s)
    A. Connect a Windows Server 2008 computer to both the public Internet and your intranet. Then, configure it to accept incoming VPN connections.
    D. Establish an agreement with an ISP to provide dial-up access to your users. Then, configure a Windows Server 2008 computer as a RADIUS server. Have the ISP configure its modem bank to submit authentication requests to the RADIUS server.
    Explanation
    A. Correct: A VPN server allows clients on the public Internet to connect to your intranet while providing authentication and encryption.
    B. Incorrect: Clients never submit requests directly to a RADIUS server. Instead, a wireless access point, VPN server, or other access provider submits authentication
    requests to the RADIUS server on the client’s behalf. Additionally, without a VPN connection, client computers would not have access to the internal network.
    C. Incorrect: Configuring your own modem bank and telephone circuits would provide the required connectivity. However, the capital expense would be significant. A more cost-effective alternative is to outsource the dial-up access to an ISP.
    D. Correct: ISPs can provide dial-up access with integrated VPN connections to clients and authenticate to your internal RADIUS server. With Windows Server 2008, the RADIUS server can, in turn, authenticate to an Active Directory domain controller.

    Rate this question:

  • 33. 

    You are a systems engineer evaluating remote access technologies. Which of the following statements comparing dial-up connections to VPN connections are true? (Choose all that apply.)CH7L3

    • A.

      VPN connections typically provide better performance than dial-up connections. However, dial-up connections are adequate for common tasks, including e-mail and streaming video.

    • B.

      VPN connections require an existing Internet connection, while dial-up connections can completely bypass the Internet.

    • C.

      Data sent across a VPN connection can be intercepted and interpreted by an attacker who has access to the ISP’s infrastructure, whereas dial-up connections provide a much higher level of security by using the PSTN.

    • D.

      Both VPN and dial-up connections can authenticate to the same, central RADIUS server. That RADIUS server can be hosted on a computer running Windows Server 2008.

    Correct Answer(s)
    B. VPN connections require an existing Internet connection, while dial-up connections can completely bypass the Internet.
    D. Both VPN and dial-up connections can authenticate to the same, central RADIUS server. That RADIUS server can be hosted on a computer running Windows Server 2008.
    Explanation
    A. Incorrect: VPN connections almost always provide better performance than dialup connections. However, dial-up connections are not adequate for streaming video.
    B. Correct: Dial-up connections can connect directly to a server on your intranet, bypassing the Internet entirely.
    C. Incorrect: VPNs include encryption, preventing an attacker with access to the transmission from interpreting the data.
    D. Correct: Both VPN and dial-up servers can authenticate to a central RADIUS server.

    Rate this question:

  • 34. 

    You are a systems administrator for a large fabric manufacturing company. You need to allow sales people to connect to your VPN server while traveling. Many sales people have complained that they are unable to connect at times, and you have isolated the problem as being caused by firewalls that do not allow PPTP or L2TP traffic through. You would like to recommend that the sales staff use SSTP VPN connections. Which operating systems support SSTP VPN connections? (Choose all that apply.)CH7L3

    • A.

      Windows XP Professional

    • B.

      Windows 2000 Professional

    • C.

      Windows Vista with Service Pack 1

    • D.

      Windows Server 2008

    Correct Answer(s)
    C. Windows Vista with Service Pack 1
    D. Windows Server 2008
    Explanation
    A. Incorrect: Windows XP Professional does not support SSTP.
    B. Incorrect: Windows 2000 Professional does not support SSTP.
    C. Correct: Windows Vista with Service Pack 1 supports being an SSTP VPN client. It does not support being a VPN server. Windows Vista without Service Pack 1 does not support SSTP.
    D. Correct: Windows Server 2008 supports being either an SSTP VPN client or server.

    Rate this question:

  • 35. 

    You are a systems administrator for a property management company. You need to install an internally developed automation tool on a computer running Windows Server2008. The tool acts as a network client and needs to connect to a server on your intranet using TCP port 88 and to a server on the Internet using TCP port 290. Additionally, a client component you install on your workstation running Windows Vista will connect to the computer running Windows Server 2008 using TCP port 39. Windows Firewall is currently configured with the default settings on both computers. Which of the following changes do you need to make to allow the application to work? CH8L1

    • A.

      On the computer running Windows Server 2008, add a firewall rule to allow outbound connections on TCP port 290.

    • B.

      On the computer running Windows Server 2008, add a firewall rule to allow inbound connections on TCP port 39.

    • C.

      On the computer running Windows Server 2008, add a firewall rule to allow inbound connections on TCP port 290.

    • D.

      On your workstation, add a firewall rule to allow outbound connections on TCP port 39.

    Correct Answer
    B. On the computer running Windows Server 2008, add a firewall rule to allow inbound connections on TCP port 39.
    Explanation
    A. Incorrect: The computer running Windows Server 2008 will need to make outbound connections on TCP port 290; however, Windows Firewall allows outbound connections by default. Therefore, you do not need to create a firewall rule.
    B. Correct: By default, Windows Server 2008 will block inbound connections that do not have a firewall rule. There is no firewall rule for TCP port 39 by default. Therefore, you will need to add one.
    C. Incorrect: The computer running Windows Server 2008 needs to make outbound connections on TCP port 290, but it does not need to allow inbound connections on that port.
    D. Incorrect: Windows Vista allows any outbound connection by default. Therefore, you do not need to create a firewall rule to allow outbound connections.

    Rate this question:

  • 36. 

    You are a systems administrator for an enterprise manufacturing company specializing in water purification equipment. You have recently installed an internal server application on a computer running Windows Server 2008 that accepts incoming connections on TCP port 1036. The application does not include any access control capability. How can you configure the inbound firewall rule properties to allow connections only from authorized users in your domain? (Choose all that apply. Each answer forms part of the complete solution.) CH8L1

    • A.

      In the General tab, click Allow Only Secure Connections.

    • B.

      In the Advanced tab, click These Profiles, and then select Domain.

    • C.

      In the Users And Computers tab, select Only Allow Connections From These Users. Then, add the Domain Users group.

    • D.

      In the Scope tab, in the Local IP Address group, select These IP Addresses. Then, add each of your internal networks.

    Correct Answer(s)
    A. In the General tab, click Allow Only Secure Connections.
    C. In the Users And Computers tab, select Only Allow Connections From These Users. Then, add the Domain Users group.
    Explanation
    A. Correct: Selecting Allow Only Secure Connections requires IPsec, which you must use to require domain authentication at the firewall level.
    B. Incorrect: Specifying a profile for the firewall rule simply means the rule won’t apply if the server isn’t connected to the domain network. You can’t use profiles to require client connection authentication.
    C. Correct: After requiring IPsec on the General tab, you can use this tab to limit connections only to users who are members of specific groups.
    D. Incorrect: Configuring scope can be a very powerful tool for limiting connections from users. Although it might be advisable to also limit scope to connections from client computers on your internal network, that doesn’t necessarily require users to be a member of your domain. Additionally, you would need to configure the Remote IP Address settings, not the Local IP Address settings.

    Rate this question:

  • 37. 

    You are a systems administrator for a medium-sized facilities management organization. You need to use Group Policy settings to configure firewall settings on your Windows XP and Windows Vista client computers. You would like to configure firewall rules using only the Windows Firewall node rather than the Windows Firewall With Advanced Securitynode. Which of the following features are NOT available when using the Windows Firewall node in Group Policy settings? CH8L1

    • A.

      Filtering UDP traffic

    • B.

      Allowing a specific executable to accept incoming connections on any port number

    • C.

      Dropping connections not originating from a specific subnet

    • D.

      Requiring IPsec authentication for a connection

    Correct Answer
    D. Requiring IPsec authentication for a connection
    Explanation
    A. Incorrect: Both Windows XP (configured using the Windows Firewall node) and Windows Vista (configured using either the Windows Firewall node or the Windows Firewall With Advanced Security node) support filtering UDP traffic.
    B. Incorrect: Both the Windows Firewall and the Windows Firewall With Advanced Security nodes support creating a rule for an executable.
    C. Incorrect: Both the Windows Firewall and the Windows Firewall With Advanced Security nodes support configuring scope for a rule.
    D. Correct: The Windows Firewall With Advanced Security node supports firewall features available only for Windows Vista and Windows Server 2008, not Windows XP. One of the most important features is the ability to require IPsec connection security and to authenticate and authorize users or computers using IPsec.

    Rate this question:

  • 38. 

    You are currently configuring NAP enforcement in a lab environment. You need to create a network policy that prevents noncompliant computers from connecting to the network. How should you configure the network policy properties? CH8L2

    • A.

      In the Settings tab, set NAP Enforcement to Allow Limited Access.

    • B.

      In the Overview tab, set Access Permission to Deny Access.

    • C.

      In the Constraints tab, set the Session Timeout to 0.

    • D.

      In the Settings tab, create an IP filter that drops all traffic.

    Correct Answer
    A. In the Settings tab, set NAP Enforcement to Allow Limited Access.
    Explanation
    A. Correct: Setting NAP Enforcement to Allow Limited Access limits the client to the remediation servers you list. If you do not list any remediation servers, clients will be completely denied network access.
    B. Incorrect: Setting the Access Permission to Deny Access prevents clients from performing a health check. Therefore, both compliant and noncompliant clients will be blocked.
    C. Incorrect: The Session Timeout disconnects remote access connections after a specific amount of time. You cannot set a Session Timeout of 0.
    D. Incorrect: IP filters should be used for remote access connections. They do not apply to NAP network policies.

    Rate this question:

  • 39. 

    You are a systems engineer developing NAP scenarios for future deployment within your organization. You want to configure a set of remediation servers that should be accessible for clients that do not support NAP. Which of the following do you need to do? (Choose all that apply.) CH8L2

    • A.

      Create a health policy and set it to Client Fails All SHV Checks.

    • B.

      Create a network policy with a Condition type of NAP-Capable Computers.

    • C.

      Create a remediation server group with the servers that should be accessible.

    • D.

      Create a connection request policy with a Condition type of NAP-Capable Computers.

    Correct Answer(s)
    B. Create a network policy with a Condition type of NAP-Capable Computers.
    C. Create a remediation server group with the servers that should be accessible.
    Explanation
    A. Incorrect: Health policies apply only to NAP-capable computers.
    B. Correct: Computers that do not support NAP require a separate network policy with a NAP-Capable Computers condition that matches Only Computers That Are Not NAP-Capable.
    C. Correct: Remediation server groups define the servers that are accessible to computers with limited access. To meet the requirements of this scenario, you would need to create a network policy with a NAP-Capable Computers condition matching Only Computers That Are Not NAP-Capable, set the NAP Enforcement for that network policy to Allow Limited Access, and then configure the network policy
    with the new remediation server group.
    D. Incorrect: You can use a single connection request policy for computers that both are and are not NAP-capable. Therefore, you do not need to create a new connection
    request policy. Additionally, the NAP-Capable Computers condition is not available for connection request policies.

    Rate this question:

  • 40. 

    You are a systems administrator configuring NAP using DHCP enforcement. You plan to run NPS and DHCP on separate computers. Which of the following requirements do you need to fulfill? (Choose all that apply.) CH8L2

    • A.

      Configure a RADIUS proxy on the DHCP server.

    • B.

      Install NPS on the DHCP server.

    • C.

      Install HRA on the DHCP Server.

    • D.

      Configure Certificate Services on the DHCP server.

    Correct Answer(s)
    A. Configure a RADIUS proxy on the DHCP server.
    B. Install NPS on the DHCP server.
    Explanation
    A. Correct: Because NPS and DHCP are running on separate computers, you must install NPS on the DHCP server and then configure a RADIUS proxy on the DHCP
    server to forward RADIUS requests to the primary NPS server.
    B. Correct: Same as answer A.
    C. Incorrect: HRA is required only for IPsec enforcement.
    D. Incorrect: DHCP enforcement does not require certificate services.

    Rate this question:

  • 41. 

    You are a systems engineer for an enterprise video production company. Your organization has six offices and a centralized IT department that manages all of the 1200 client computers. Each of the offices has about 200 computers. The WAN uses a hub-andspoke architecture, with each of the five remote offices connected directly to the headquarters. How would you design the WSUS architecture? CH9L1

    • A.

      Deploy a WSUS server to each office. Configure the WSUS servers to be managed by each office’s local IT support department.

    • B.

      Deploy a WSUS server at the headquarters. Configure all client computers to retrieve updates directly from Microsoft.

    • C.

      Deploy a WSUS server at the headquarters. Configure all client computers to retrieve updates directly from the WSUS server.

    • D.

      Deploy a WSUS server to each office. Configure the WSUS servers at the remote offices to be replicas of the WSUS server at the headquarters.

    Correct Answer
    D. Deploy a WSUS server to each office. Configure the WSUS servers at the remote offices to be replicas of the WSUS server at the headquarters.
    Explanation
    A. Incorrect: Because you have a centralized IT department, having local IT departments manage the WSUS servers would be inefficient. Instead, you should configure the remote offices as replicas of the WSUS servr at the headquarters, allowing you to manage all updates using a single WSUS server.
    B. Incorrect: Although this architecture would work, it would be extremely wasteful of Internet bandwidth. The bandwidth required for 1200 client computers to each download a service pack from the Internet would be so extreme that for many computers the updates might never succeed.
    C. Incorrect: Like answer B, this architecture would work. However, the WAN links would likely be saturated with update traffic as every computer at each remote office transfers large updates. To resolve this, place WSUS servers at each office.
    D. Correct: To make best use of WAN and Internet bandwidth, configure a WSUS server at each office and have each computer download updates from your central WSUS server.

    Rate this question:

  • 42. 

    You are a systems administrator configuring an update infrastructure for your organization. You need to use Group Policy settings to configure client computers to downloadupdates and install them automatically without prompting the user. Which Group Policy setting should you enable and configure?CH9L1

    • A.

      Allow Automatic Updates Immediate Installation

    • B.

      Configure Automatic Updates

    • C.

      No Auto-Restart For Scheduled Automatic Updates

    • D.

      Enable Client-Side Targeting

    Correct Answer
    B. Configure Automatic Updates
    Explanation
    A. Incorrect: Enabling this setting configures the Windows Update client to immediately install updates that do not require the computer to be restarted.
    B. Correct: This Group Policy setting allows you to configure whether updates are installed automatically and when they are installed. By default, however, Windows
    Update clients will notify users of the updates and prompt them to perform the installation.
    C. Incorrect: Enabling this setting prevents the Windows Update client from automatically restarting the computer. By default, this setting is disabled, which is required for automatically restarting computers, as outlined in the scenario.
    D. Incorrect: You can use this setting to configure client computers as members of a computer group. It has no impact on how updates are installed.

    Rate this question:

  • 43. 

    You are currently evaluating which of the computers in your environment will be able to download updates from WSUS. Which of the following operating systems can act as WSUS clients (even if they require a service pack)? (Choose all that apply.)CH9L1

    • A.

      Windows 95

    • B.

      Windows 98

    • C.

      Windows 2000 Professional

    • D.

      Windows XP Professional

    Correct Answer(s)
    C. Windows 2000 Professional
    D. Windows XP Professional
    Explanation
    A. Incorrect: Windows 95 does not support acting as a WSUS client.
    B. Incorrect: Windows 98 does not support acting as a WSUS client.
    C. Correct: Windows 2000, with Service Pack 3 or later, can act as a WSUS client.
    D. Correct: Windows XP can act as a WSUS client without any service pack.

    Rate this question:

  • 44. 

    You are a systems administrator at an enterprise home audio equipment design firm. Recently, you used MBSA to audit your client computers for the presence of specific security updates. You found several computers that did not have the updates installed. How can you determine why the update installation failed? (Choose all that apply.)CH9L2

    • A.

      Examine the System log on the client computer.

    • B.

      Examine the Applications And Services Logs\Microsoft\Windows\WindowsUpdateClient\Operational on the client computer.

    • C.

      Examine the System log on the WSUS server.

    • D.

      Examine the %SystemRoot%\WindowsUpdate.log file.

    Correct Answer(s)
    A. Examine the System log on the client computer.
    B. Examine the Applications And Services Logs\Microsoft\Windows\WindowsUpdateClient\Operational on the client computer.
    D. Examine the %SystemRoot%\WindowsUpdate.log file.
    Explanation
    A. Correct: The System log contains high-level information generated by the Windows Update client.
    B. Correct: The Windows Update Operational log contains detailed information generated by the Windows Update client.
    C. Incorrect: In this scenario, only the client computer would be able to report on the cause of the error. Therefore, the information cannot be available on the WSUS server.
    D. Correct: The WindowsUpdate.log file has extremely detailed information generated by the Windows Update client.

    Rate this question:

  • 45. 

    You are a systems administrator for an architecture firm. You have recently deployed WSUS, and you need to verify that updates are being distributed successfully. Which of the following pieces of information can you get from the Update Status Summary report? (Choose all that apply)

    • A.

      Which computer groups a particular update has been approved for

    • B.

      Which computers have successfully installed an update

    • C.

      Whether an update can be removed using WSUS

    • D.

      The number of computers that failed to install an update

    Correct Answer(s)
    A. Which computer groups a particular update has been approved for
    D. The number of computers that failed to install an update
    Explanation
    A. Correct: The Update Status Summary report shows a description of every update and which computer groups the update is approved for.
    B. Incorrect: The Update Status Summary report does not show specifically which computers installed an update, though it does provide the total number of computers.
    However, the Update Detailed Status report does provide this information.
    C. Incorrect: The Update Status Summary report does not show whether an update can be removed using WSUS.
    D. Correct: The Update Status Summary report shows a pie chart with the number of computers the update failed and succeeded for.

    Rate this question:

  • 46. 

    You are in the process of deploying WSUS to your organization. Currently, you are configuring client computers to be members of different computer groups so that you can stagger update deployments. How can you configure the computer group for a computer?(Choose all that apply.) CH9L2

    • A.

      Enable the Configure Automatic Updates policy.

    • B.

      Configure the Enable Client-Side Targeting Group Policy setting.

    • C.

      In the Update Services console, right-click the computer, and then choose Change Membership.

    • D.

      In the Update Services console, drag the computers to the appropriate computer group.

    Correct Answer(s)
    B. Configure the Enable Client-Side Targeting Group Policy setting.
    C. In the Update Services console, right-click the computer, and then choose Change Membership.
    Explanation
    A. Incorrect: You can use the Configure Automatic Updates policy to control whether client computers download updates and notify users or automatically install updates. You cannot use the policy to define computer group memberships,
    however.
    B. Correct: Configuring the Enable Client-Side Targeting Group Policy setting and then specifying a target group name for the computer will place all computers the
    GPO is applied to in the specified computer group.
    C. Correct: Selecting Change Management allows you to specify the computer groups a computer will be placed in.
    D. Incorrect: You cannot use the drag-and-drop feature to move computers in the Update Services console.

    Rate this question:

  • 47. 

    You are configuring a computer named Server to collect events from a computer named Client. Both computers are in the Nwtraders.msft domain. Which of the following commands would you run on the collecting computer?CH10L1

    Correct Answer
    A. Wecutil qc
    Explanation
    A. Correct: You can use the Wecutil utility to automatically configure a computer to collect events.
    B. Incorrect: This command should be run on the forwarding computer.
    C. Incorrect: This command should be run on the forwarding computer.
    D. Incorrect: You don’t need to add the forwarding computer to the Event Log Readers group. Only the collecting computer should be a member of that group.

    Rate this question:

  • 48. 

    You are configuring a computer named Server to collect events from a computer named Client. Both computers are in the Nwtraders.msft domain. Which of the following commands would you run on the forwarding computer? (Choose all that apply.)CH10L1

    Correct Answer(s)
    B. Winrm quickconfig
    C. Net localgroup “Event Log Readers” [email protected] /add
    Explanation
    A. Incorrect: You should run this command on the collecting computer.
    B. Correct: You should run this command on the forwarding computer.
    C. Correct: You should run this command on the forwarding computer.
    D. Incorrect: You don’t need to add the forwarding computer to the Event Log Readers
    group. Only the collecting computer should be a member of that group.

    Rate this question:

  • 49. 

    You create a folder named Marketing on a computer named FileServer and configure NTFS permissions to grant the Domain Users group Read permission and the Marketing group Modify permission. You share the folder and grant the Everyone group Reader permission. Mary, a user account who is a member of both the Marketing group and the Domain Users group, logs on locally to the FileServer computer to access the Marketing folder. What effective permissions will Mary have? CH11L1

    • A.

      No access

    • B.

      Read

    • C.

      Write

    • D.

      Full Control

    Correct Answer
    C. Write
    Explanation
    A. Incorrect: Users have No Access permission if no access control entry applies to them or if they explicitly have a Deny permission assigned. In this case, Mary has Write access because she has the Modify NTFS permission assigned.
    B. Incorrect: Share permissions apply only when users access a folder across the network. Because Mary is accessing the folder from the local computer, only NTFS
    permissions apply. The Marketing group is granted Modify NTFS permissions, which allows Mary to write to the folder (in addition to being able to read the contents of the folder).
    C. Correct: Through Mary’s membership in the Marketing group, Mary has the Modify NTFS permission. Because Mary is not accessing the files using the share, share
    permissions do not affect Mary’s effective permissions. Therefore, Mary can write to the folder.
    D. Incorrect: Full Control permissions allow users to change permissions. Having this level of access would require Mary to have Full Control NTFS permissions.

    Rate this question:

  • 50. 

    You have a folder protected with EFS that contains a file you need to share across the network. You share the folder and assign NTFS and share permissions to allow the user toopen the file. What should you do to allow the user to access the encrypted file without decreasing the security? CH11L1

    • A.

      Right-click the file, and then choose Properties. In the Security tab, add the user’s account.

    • B.

      Right-click the file, and then choose Properties. In the General tab, click Advanced. Click the Details button, and then add the user’s account.

    • C.

      Right-click the file, and then choose Properties. In the General tab, click Advanced. Clear the Encrypt Contents To Secure Data check box.

    • D.

      Do nothing.

    Correct Answer
    D. Do nothing.
    Explanation
    A. Incorrect: This procedure would add NTFS permissions for the user. However, the user already has the necessary NTFS permissions.
    B. Incorrect: This is the correct procedure for allowing local users to share EFSencrypted files. However, it is not necessary when users connect across the network.
    C. Incorrect: Although removing encryption would allow the user to access the file, it would also reduce security.
    D. Correct: EFS affects only users who access files locally. Therefore, because the user is connecting across the network, you do not need to make any changes.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 22, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Aug 27, 2010
    Quiz Created by
    Rayandlisaj

Related Topics

Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.