User:Shankardangi/70642 paper download 2k8

Number: 70-642
Passing Score: 700
Time Limit: 90 min
File Version: 1.1

70-642

Windows Server 2008 Network Infrastructure

Exam A

QUESTION 1 Your company has a single Active Directory forest that has an Active Directory domain named na.contoso.com zone. You have enabled DNS scavenging on Server1. Three weeks later, you notice that the stale resource records remain in na.contoso.com. You need to ensure that the stale resource records are removed from na.contoso.com. What should you do?

A. Stop and restart the DNS service on Server1.
B. Enable DNS scavenging on the na.contoso.com zone.
C. Run the dnscmd Server1 /AgeAllRecords command on Server1.
D. Run the dnscmd Server1 /StartScavenging command on Server1.

Answer: B

QUESTION 2 Your company has an Active Directory domain named ad.contoso.com. The company also has a public namespace named contoso.com. You need to ensure that public DNS zone records cannot be copied. You must achieve this goal without impacting the functionality of public DNS name resolutions. What should you do?

A. Disable the notify feature for the contoso.com zone.
B. Disable the Allow-Read permission for the Everyone group on the contoso.com DNS domain.
C. Configure the All domain controllers in the domain zone replication option on ad.contoso.com.
D. Configure the Allow zone transfers only to servers listed on the Name Servers option on contoso.com.

Answer: D

QUESTION 3 Your company has a main office and a branch office. The main office has a domain controller named DC1 that hosts a DNS primary zone. The branch office has a DNS server named SRV1 that hosts a DNS secondary zone. All client computers are configured to use their local server for DNS resolution. You change the IP address of an existing server named SRV2 in the main office. You need to ensure that SRV1 reflects the change immediately. What should you do?

A. Restart the DNS server service on DC1.
B. Run the dnscmd command by using the /zonerefresh option on DC1.
C. Run the dnscmd command by using the /zonerefresh option on SRV1.
D. Set the refresh interval to 10 minutes on the Start Of Authority (SOA) record.

Answer: C

QUESTION 4 Your company has an Active Directory domain. The company has a main office and a branch office. Both the offices have domain controllers that run Active Directory-integrated DNS zones. All client computers are configured to use the local domain controllers for DNS resolution. The domain controllers at the branch office location are configured as Read-Only Domain Controllers (RODC). You change the IP address of an existing server named SRV2 in the main office. You need the branch office DNS servers to reflect the change immediately. What should you do?

A. Run the dnscmd /ZoneUpdateFromDs command on the branch office servers.
B. Run the dnscmd /ZoneUpdateFromDs command on a domain controller in the main office.
C. Change the domain controllers at the branch offices from RODCs to standard domain controllers.
D. Decrease the Minimum (default) TTL option to 15 minutes on the Start of Authority (SOA) record for the zone.

Answer: A

QUESTION 5 Your company has a server named Server1 that runs Windows Server 2008. Server1 runs the DHCP server role and the DNS server role. You also have a server named ServerCore that runs a Server Core installation of Windows Server 2008.

All computers are configured to use only Server1 for DNS resolution. The IP address of Server1 is 192.168.0.1. The network interface on all the computers is named LAN. Server1 is temporarily offline. A new DNS server named Server2 has been configured to use the IP address 192.168.0.254. You need to configure ServerCore to use Server2 as the preferred DNS server. What should you do?

A. Run the netsh interface ipv4 add dnsserver "LAN" static 192.168.0.254 index=1 command.
B. Run the netsh interface ipv4 set dnsserver "LAN" static 192.168.0.254 192.168.0.1 both command.
C. Run the netsh interface ipv4 set dnsserver "LAN" static 192.168.0.254 primary command and the netsh interface ipv4 set dnsserver "LAN" static 192.168.0.1 both command.
D. Run the netsh interface ipv4 set dnsserver "LAN" static 192.168.0.254 primary command and the netsh interface ipv4 add dnsserver "LAN" static 192.168.0.1 index=1 command.

Answer: A

QUESTION 6 Your company has a domain controller named Server1 that runs Windows Server 2008 and the DNS server role. A server named Server2 runs a custom application.

You need to configure DNS to include the following parameters for the custom application:

Service
Priority
Weight
Protocol
Port Number
Host offering this service

Which record should you create?

A. Host Info (HINFO)
B. Service Locator (SRV)
C. Canonical Name (CNAME)
D. Well-Known Service (WKS)

Answer: B

QUESTION 7 Your company has a main office and two branch offices. Domain controllers in the main office host an Active Directory-Integrated zone. The DNS servers in the branch offices host a secondary zone for the domain and use the main office DNS servers as the DNS Master servers for the zone. Each branch office has an application server. Users access the application server by using its fully qualified domain name. You need to ensure that users in the branch offices can access their local application server even if the WAN links are down for three days. What should you do?

A. Increase the Expires After setting to 4 days on the Start of Authority (SOA) record for the zone.
B. Increase the refresh interval setting to 4 days on the Start of Authority (SOA) record for the zone.
C. Configure the Zone Aging / Scavenging Properties dialog box to enable Scavenge Stale resource records, and set the refresh setting to 4 days.
D. Configure the Zone Aging / Scavenging Properties dialog box to enable Scavenge Stale resource records, and set the No-refresh interval setting to 4 days.

Answer: A

QUESTION 8 Your company has a single Active Directory forest that has a domain in North America named na.contoso.com and a domain in South America named sa.contoso.com. The client computers run Windows Vista. You need to configure the client computers in the North America office to improve the name resolution response time for resources in the South America office. What should you do?

A. Configure a new GPO that disables the Link-Local Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office.
B. Configure a new GPO that enables the Link-Local Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office.
C. Configure a new GPO that configures the DNS suffix search list option to sa.contoso.com, na.contoso.com. Apply the policy to all client computers in the North America office.
D. Configure the priority value for the SRV records on each of the North American domain controllers to 5.

Answer: C

QUESTION 9 Your company has multiple DNS servers in the main office. You plan to install DNS on a member server in a branch office. You need to ensure that the DNS server in the branch office is able to query any DNS server in the main office, and you need to limit the number of DNS records that are transferred to the DNS server in the branch office. What should you do?

A. Configure a secondary zone on the DNS server in the branch office.
B. Configure a stub zone on the DNS server in the branch office.
C. Configure a stub zone on the DNS server in the main office.
D. Configure a primary zone on the DNS server in the branch office.

Answer: B

QUESTION 10 Your company has a DNS server named Server1. Your partner company has a DNS server named Server2. You create a stub zone on Server1. The master for the stub zone is Server2. Server2 fails. You discover that users are not able to resolve names for the partner company. You need to ensure that users are able to resolve names for the partner company in the event that Server2 fails. What should you do?

A. Change the stub zone to a secondary zone on Server1.
B. Open the SOA record for the zone on Server2. Change the Minimum (default) TTL setting to 12 hours.
C. Open the DNS zone for the partner company on Server2. Create a new Route Through (RT) record and a new host (A) record for Server1.
D. Open the primary DNS zone on Server2. Create a new Service Locator (SRV) record and a new host (A) record for Server1.

Answer: A

QUESTION 11 Your company has two servers that run Windows Server 2008 named Server2 and Server3. Both servers have the DNS server role installed. Server3 is configured to forward all DNS requests to Server2. You update a DNS record on Server2. You need to ensure that Server3 is able to immediately resolve the updated DNS record. What should you do?

A. Run the dnscmd /clearcache on Server3.
B. Run the ipconfig /flushdns command on Server3.
C. Decrease the Time-to-Live (TTL) on the Start of Authority (SOA) record of na.contoso.com to 15 minutes.
D. Increase the Retry Interval value on the Start of Authority (SOA) record of na.contoso.com to 15 minutes.

Answer: A

QUESTION 12 Your company has a single Active Directory forest that has an Active Directory domain named na.contoso.com. A member server named Server2 runs the DNS server role. The Server2 DNS service hosts multiple secondary zones including na.contoso.com. You need to reconfigure Server2 as a caching-only DNS server. What should you do?

A. Uninstall and reinstall the DNS service on Server2.
B. Change all the DNS zones on Server2 to stub zones.
C. Disable and then enable the DNS service on Server2.
D. Delete the na.contoso.com DNS zone domain from Server2. Restart the DNS service on Server2.

Answer: A

QUESTION 13 Your company has an Active Directory forest that has five domains. All DNS servers are domain controllers. You need to ensure that users from all domains are able to access a Web server named App1 by browsing http://App1. What should you do?

A. Configure and enable DFS-R on the App1 Web server.
B. Create a host (AAAA) record for the App1 Web server in the DNS zone for the forest root domain.
C. Create a zone named GlobalNames on a DNS server. Replicate the GlobalNames zone to all domain controllers in the forest. Create a host (A) record for the App1 Web server in the zone.
D. Create a zone named LegacyWINS on a DNS server. Replicate the LegacyWINS zone to all domain controllers in the forest. Create a host (A) record for the App1 Web server in the zone.

Answer: C

QUESTION 14 Your company has a single Active Directory domain. All servers run Windows Server 2008. You install an additional DNS server that runs Windows Server 2008. You need to delete the pointer record for the IP address 10.3.2.127. What should you do?

A. Use DNS manager to delete the 127.in-addr.arpa zone.
B. Run the dnscmd /RecordDelete 10.3.2.127 command at the command prompt.
C. Run the dnscmd /ZoneDelete 127.in-addr.arpa command at the command prompt.
D. Run the dnscmd /RecordDelete 10.in-addr.arpa 127.2.3 PTR command at the command prompt.

Answer: D

QUESTION 15 Your company has an IPv6 network that has 25 segments. You deploy a server on the IPv6 network. You need to ensure that the server can communicate with all segments on the IPv6 network. What should you do?

A. Configure the IPv6 address as fd00::2b0:d0ff:fee9:4143/8
B. Configure the IPv6 address as fe80::2b0:d0ff:fee9:4143/64
C. Configure the IPv6 address as ff80::2b0:d0ff:fee9:4143/64
D. Configure the IPv6 address as 0000::2b0:d0ff:fee9:4143/64

Answer: A

QUESTION 16 Your company has recently deployed a server that runs Windows Server 2008. The server has the IP information shown below.

IP address: 192.168.46.186
Subnet mask: 255.255.255.192
Default gateway: 192.168.46.1

Users on remote subnets report that they are unable to connect to the server.

You need to ensure all users are able to connect to the server.

What should you do?

A. Change the IP address to 192.168.46.129
B. Change the IP address to 192.168.46.200
C. Change the subnet mask to a 24-bit mask.
D. Change the subnet mask to a 27-bit mask.

Answer: C

QUESTION 17 Your company has a main office and a branch office. Users in the branch office report that they are unable to access shared resources in the main office. You discover that computers in the branch office have IP addresses in the range of 169.254.x.x. You need to ensure that computers can connect to shared resources in both the main office and the branch office. What should you do?

A. Configure a DHCP relay agent on a member server in the main office.
B. Configure a DHCP relay agent on a member server in the branch office.
C. Configure the Broadcast Address DHCP server option to include the main office's DHCP server address.
D. Configure the Resource Location Servers DHCP server option to include the main office's server IP addresses.

Answer: B

QUESTION 18 Your network uses IPv4. You install a server that runs Windows Server 2008 at a branch office. The server is configured with two network interfaces. You need to configure routing on the server at the branch office. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Install the Routing and Remote Access role.
B. Run the netsh ras ip set access ALL command.
C. Run the netsh interface ipv4 enable command.
D. Enable the IPv4 Router Routing and Remote Access option.

Answer: AD

QUESTION 19 Your company is designing its public network. The network will use an IPv4 range of 131.107.40.0/22. The network must be configured as shown in the following exhibit.

Segment A: 270 nodes
Segment B: 130 nodes
Segment C: 75 nodes
Segment D: 20 nodes

You need to configure subnets for each segment.

Which network addresses should you assign?

A. Segment A: 131.107.40.0/23, Segment B: 131.107.42.0/24, Segment C: 131.107.43.0/25, Segment D: 131.107.43.128/27
B. Segment A: 131.107.40.0/25, Segment B: 131.107.40.128/26, Segment C: 131.107.43.192/27, Segment D: 131.107.43.224/30
C. Segment A: 131.107.40.0/23, Segment B: 131.107.41.0/24, Segment C: 131.107.41.128/25, Segment D: 131.107.43.0/27
D. Segment A: 131.107.40.128/23, Segment B: 131.107.43.0/24, Segment C: 131.107.44.0/25, Segment D: 131.107.44.128/27

Answer: A

QUESTION 20 Your company has an Active Directory domain. A server named Server1 runs the Network Access Policy server role. You need to disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback interface. What should you do?

A. Run the netsh ras ipv6 set command.
B. Run the netsh interface ipv6 delete command.
C. Run ipv6.exe and remove the IPv6 protocol.
D. From the Local Area Connection Properties, uncheck Internet Protocol Version 6 (TCP/IPv6).

Answer: D

QUESTION 21 Your company has a single Active Directory domain. All servers run Windows Server 2008. The company network has 10 servers that perform as Web servers. All confidential files are located on a server named FSS1. The company security policy states that all confidential data must be transmitted in the most secure manner. When you monitor the network, you notice that the confidential files stored on the FSS1 server are being transmitted over the network without encryption. You need to ensure that encryption is always used when the confidential files on the FSS1 server are transmitted over the network. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Deactivate all LM and NTLM authentication methods on the FSS1 server.
B. Use IIS to publish the confidential files, activate SSL on the IIS server, and then open the files as a web folder.
C. Use IPSec encryption between the FSS1 server and the computers of the users who need to access the confidential files.
D. Use the Server Message Block (SMB) signing between the FSS1 server and the computers of the users who want to access the confidential files.
E. Activate offline files for the confidential files that are stored on the FSS1 server. In the Folder Advanced Properties dialog box, select the Encrypt contents to secure data option.

Answer: BC

QUESTION 22 Your company has an Active Directory forest. The corporate network uses DHCP to configure client computer IP addresses. The DHCP server has a DHCP client reservation for a portable computer named WKS1. You install a second DHCP server on the network. You need to ensure that WKS1 receives the DHCP reservation from the DHCP service. What should you do?

A. Run the ipconfig /renew command on WKS1.
B. Run the netsh add helper command on WKS1.
C. Add the DHCP reservation for WKS1 to the second DHCP server.
D. Add both DHCP servers to the RAS and IAS Servers group in the Active Directory domain.

Answer: C

QUESTION 23 Your network consists of a single Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2008. All client computers run Windows Vista. All computers are members of the Active Directory domain. You assign the Secure Server (Require Security) IPsec policy to Server1 by using a GPO. Users report that they fail to connect to Server1. You need to ensure that users can connect to Server1. All connections to Server1 must be encrypted. What should you do?

A. Restart the IPsec Policy Agent service on Server1.
B. Assign the Client (Respond Only) IPsec policy to Server1.
C. Assign the Server (Request Security) IPsec policy to Server1.
D. Assign the Client (Respond Only) IPsec policy to all client computers.

Answer: D

QUESTION 24 You have a DHCP server that runs Windows Server 2008. The DHCP server has two network connections named LAN1 and LAN2. You need to prevent the DHCP server from responding to DHCP client requests on LAN2. The server must continue to respond to non-DHCP client requests on LAN2. What should you do?

A. From the DHCP snap-in, modify the bindings to associate only LAN1 with the DHCP service.
B. From the DHCP snap-in, create a new multicast scope.
C. From the properties of the LAN1 network connection, set the metric value to 1.
D. From the properties of the LAN2 network connection, set the metric value to 1.

Answer: A

QUESTION 25 You have a Windows Server 2008 computer that has an IP address of 172.16.45.9/21. The server is configured to use IPv6 addressing. You need to test IPv6 communication to a server that has an IP address of 172.16.40.18/21. What should you do from a command prompt?

A. Type ping 172.16.45.9:::::.
B. Type ping ::9.45.16.172.
C. Type ping followed by the Link-local address of the server.
D. Type ping followed by the Site-local address of the server.

Answer: C

QUESTION 26 Your company has four DNS servers that run Windows Server 2008. Each server has a static IP address. You need to prevent DHCP from assigning the addresses of the DNS servers to DHCP clients. What should you do?

A. Create a new scope for the DNS servers.
B. Create a reservation for the DHCP server.
C. Configure the 005 Name Servers scope option.
D. Configure an exclusion that contains the IP addresses of the four DNS servers.

Answer: D

QUESTION 27 You manage a server that runs Windows Server 2008. The D:\Payroll folder is corrupted. The most recent backup version is 10/29/2007-09:00. You need to restore all the files in the D:\Payroll folder back to the most recent backup version without affecting other folders on the server. What should you do on the server?

A. Run the Recover d:\Payroll command.
B. Run the WBadmin restore catalog -backuptarget:D: -version:10/29/2007-09:00 -quiet command.
C. Run the WBadmin start recovery -backuptarget:D: -version:10/29/2007-09:00 -overwrite -quiet command.
D. Run the Wbadmin start recovery -version:10/29/2007-09:00 -itemType:File -items d:\payroll -overwrite -recursive -quiet command.

Answer: D

QUESTION 28 Your company has a server named SRV1 that runs Windows Server 2008. The default Print Server role is installed on SRV1. The company wants to centralize printing on SRV1 for both UNIX and Windows users. You need to provide support to the UNIX users who print on SRV1. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Install the Internet Printing server role on SRV1.
B. Install the Line Printer Daemon (LPD) Services role service on SRV1.
C. Configure the printers on SRV1 to use Line Printer Remote printing.
D. Install the File Server role on SRV1 and activate the services for the NFS Role Service option.

Answer: AB

QUESTION 29 Your company has a domain with multiple sites. You have a domain-based DFS namespace called \\contoso.com\Management. The \\contoso.com\Management namespace hierarchy is updated frequently. You need to configure the \\contoso.com\Management namespace to reduce the workload of the PDC emulator. What should you do?

A. Enable the Optimize for scalability option.
B. Enable the Optimize for consistency option.
C. Set the Ordering method option to Lowest cost.
D. Set the Ordering method option to Random order.

Answer: A

QUESTION 30 Your company has an Active Directory domain. The company also has a server named Server1 that runs Windows Server 2008.

You install the File Server role on Server1. You create a shared folder named AcctgShare on Server1.

The permissions for the shared folder are configured as shown in the following table.

You need to ensure members of the Managers group can only view and open files in the shared folder.

A. Modify the share permissions for the Managers group to Reader.
B. Modify the share permissions for the Accounting Users group to Contributor.
C. Modify the NTFS permissions for the Managers group to Modify.
D. Modify the NTFS permissions for the Authenticated Users group to Modify and the share permissions to Contributor.

Answer: A

QUESTION 31 You have a file server that runs Windows Server 2008. A user restores a large file by using the Previous Versions tab. You need to view the progress of the file restoration. What should you do?

A. From the command prompt, run shadow.exe /v.
B. From the command prompt, run vssadmin.exe query reverts.
C. From Computer Management, click on the Shared Folders node and then click on Sessions.
D. From Computer Management, click on the Shared Folders node and then click on Open Files.

Answer: B

QUESTION 32 Your company has a server named Server1 that runs Windows Server 2008. The Windows Backup and Restore utility is installed on Server1. Server1 fails. You install a new server named Server2 that runs Windows Server 2008. You need to restore the company's Windows SharePoint Services (WSS) site to Server2. What should you do?

A. Use Wbadmin to restore the system state from backup.
B. Run Wbadmin with the Get Versions option. Install WSS.
C. Run Wbadmin with the Start Recovery option. Install WSS.
D. Use Wbadmin to restore the application and the sites from backup.

Answer: D

QUESTION 33 You have a file server that runs Windows Server 2008. You configure quotas on the server. You need to view each user's quota usage on a per folder basis. What should you do?

A. From File Server Resource Manager, create a File Screen.
B. From File Server Resource Manager, create a Storage Management report.
C. From the command prompt, run dirquota.exe quota list.
D. From the properties of each volume, review the Quota Entries list.

Answer: B

QUESTION 34 Your network consists of a single Active Directory domain. All servers run Windows Server 2008. You have a server named Server1 that hosts shared documents. Users report extremely slow response times when they try to open the shared documents on Server1. You log on to Server1 and observe real-time data indicating that the processor is operating at 100 percent of capacity. You need to gather additional data to diagnose the cause of the problem. What should you do?

A. In the Performance console, create a counter log to track processor usage.
B. In Event Viewer, open and review the application log for Performance events.
C. In Windows Reliability and Performance Monitor, use the Resource View to see the percentage of processor capacity used by each application.
D. In Windows Reliability and Performance Monitor, create an alert that will be triggered when processor usage exceeds 80 percent for more than five minutes on Server1.

Answer: C

QUESTION 35 Your company has a main office and a branch office. The branch office has three servers that run a Server Core installation of Windows Server 2008. The servers are named Server1, Server2, Server3. You want to configure the Event Logs subscription on Server1 to collect events from Server2 and Server3. You discover that you cannot create a subscription on Server1 from another computer. You need to configure a subscription on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Run the wecutil cs subscription.xml command on Server1.
B. Run the wevtutil im subscription.xml command on Server1.
C. Create an event collector subscription configuration file. Name the file subscription.xml.
D. Create a custom view on Server1 by using Event Viewer. Export the custom view to a file named subscription.xml.

Answer: AC

QUESTION 36 You have two servers that run Windows Server 2008 named Server1 and Server2. You install WSUS on both servers. You need to configure WSUS on Server1 to receive updates from Server2. What should you do on Server1?

A. Configure a proxy server.
B. Configure an upstream server.
C. Create a new replica group.
D. Create a new computer group.

Answer: B

QUESTION 37 Your company has a network that has 100 servers. A server named Server1 is configured as a file server. Server1 is connected to a SAN and has 15 logical drives. You want to automatically run a data archiving script if the free space on any of the logical drives is below 30 percent. You need to automate the script execution. You create a new Data Collector Set. What should you do next?

A. Add the Event trace data collector.
B. Add the Performance counter alert.
C. Add the Performance counter data collector.
D. Add the System configuration data collector.

Answer: B

QUESTION 38 You install WSUS on a server that runs Windows Server 2008. You need to ensure that the traffic between the WSUS administrative website and the server administrator's computer is encrypted. What should you do?

A. Configure SSL encryption on the WSUS server website.
B. Run the netdom trust /SecurePasswordPrompt command on the WSUS server.
C. Configure the NTFS permissions on the content directory to Deny Full Control permission to the Everyone group.
D. Configure the WSUS server to require Integrated Windows Authentication (IWA) when users connect to the WSUS server.

Answer: A

QUESTION 39 You perform a security audit of a server named DC1. You install the Microsoft Network Monitor 3.0 application on DC1. You plan to capture all the LDAP traffic that comes to and goes from the server between 20:00 and 07:00 the next day and save it to the e:\data.cap file. You create a scheduled task. You add a new Start a program action to the task. You need to add the application name and the application arguments to the new action. What should you do?

A. Add nmcap.exe as the application name. Add the /networks * /capture LDAP /file e:\data.cap /stopwhen /timeafter 11hours line as arguments.
B. Add netmon.exe as the application name. Add the /networks */capture LDA /file e:\data.cap /stopwhen /timeafter 11hours line as arguments.
C. Add nmcap.exe as the application name. Add the /networks * /capture !LDAP /file e:\data.cap /stopwhen /timeafter 11hours line as arguments.
D. Add nmconfig.exe as the application name. Add the /networks */capture &LDAP /file e:\data.cap /stopwhen /timeafter 11hours line as arguments.

Answer: A

QUESTION 40 You perform a security audit on a server named Server1. You install the Microsoft Network Monitor 3.0 application on Server1. You find that only some of the captured frames display host mnemonic names in the Source column and the Destination column. All other frames display IP addresses. You need to display mnemonic host names instead of IP addresses for all the frames. What should you do?

A. Create a new display filter and apply the filter to the capture.
B. Create a new capture filter and apply the filter to the capture.
C. Populate the Aliases table and apply the aliases to the capture.
D. Configure the Network Monitor application to enable the Enable Conversations option. Recapture the data to a new file.

Answer: C

QUESTION 41 Your company has a main office and 15 branch offices. The company has a single Active Directory domain. All servers run Windows Server 2008.

You need to ensure that the VPN connections between the main office and the branch offices meet the following requirements:

All data must be encrypted by using end-to-end encryption.
The VPN connection must use computer-level authentication.
User names and passwords cannot be used for authentication.

What should you do?

A. Configure an IPsec connection to use tunnel mode and preshared key authentication.
B. Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.
C. Configure a L2TP/IPsec connection to use the EAP-TLS authentication.
D. Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.

Answer: C

QUESTION 42 Your corporate network has a member server named RAS1 that runs Windows Server 2008. You configure RAS1 to use the Routing and Remote Access Service (RRAS). The company's remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees. You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection. What should you do?

A. Install the Network Policy Server (NPS) on the RAS1 server.
B. Create a remote access policy that requires users to authenticate by using SPAP.
C. Create a remote access policy that requires users to authenticate by using EAP-TLS.
D. Create a remote access policy that requires users to authenticate by using MS-CHAP v2.

Answer: C

QUESTION 43 Network Access Protection (NAP) is configured for the corporate network. Users connect to the corporate network by using portable computers. The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers. You need to ensure that users can access network resources only from computers that comply with the company policy. What should you do?

A. Create an IPsec Enforcement Network policy.
B. Create an 802.1X enforcement network policy.
C. Create a wired network (IEEE 802.3) Group Policy.
D. Create an Extensible Authentication Protocol (EAP) Enforcement Network Policy.

Answer: A

QUESTION 44 Your company has a single Active Directory domain and an enterprise root certificate authority. The company plans to use Network Access Protection (NAP) to protect the VPN connections.

You build two servers named NPS1 and VPN1. You configure the following functions on the two servers as shown in the following table. You need to ensure that the system health policy is applied to all client computers that attempt VPN connections.

What should you do?

A. Reconfigure NPS1 as a RADIUS client.
B. Reconfigure VPN1 as a RADIUS client.
C. Add the NAP role to a domain controller.
D. Add the NAP role to an Enterprise Certificate server.

Answer: B

QUESTION 45 Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP) deployed on the network. You need to ensure that NAP policies are enforced on portable computers that use a wireless connection to access the network. What should you do?

A. Configure all access points to use 802.1X authentication.
B. Configure all portable computers to use MS-CHAP v2 authentication.
C. Use the Group Policy Management Console to access the wireless group policy settings, and enable the Prevent connections to ad-hoc networks option.
D. Use the Group Policy Management Console to access the wireless group policy settings, and disable the Prevent connections to infrastructure networks option.

Answer: A

QUESTION 46 Your company has a single Active Directory domain. The domain has servers that run Windows Server 2008. You have a server named NAT1 that functions as a NAT server. You need to ensure that administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP). What should you do?

A.	Configure NAT1 to forward port 389 to RDP1 B.	Configure NAT1 to forward port 1432 to RDP1 C.	Configure NAT1 to forward port 3339 to RDP1 D.	Configure NAT1 to forward port 3389 to RDP1

Answer: D

QUESTION 47 Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP) deployed on the network. You need to configure the wireless network to accept smart cards. What should you do?

A.	Configure the wireless network to use WPA2, PEAP and MSCHAP v2 B.	Configure the wireless network to use WPA2, 802.1X authentication and EAP-TLS C.	Configure the wireless network to use WEP, 802.1X authentication, PEAP, and MSCHAP v2 D.	Configure the wireless network to use WPA, PEAP, and MSCHAP v2 and also require strong user passwords

Answer: B

Remember: EAP-TLS - authentication without usernames and passwords.

QUESTION 48 Your company has a single Active Directory domain. The company network is protected by a firewall. Remote users connect to your network through a VPN server by using PPTP. When the users try to connect to the VPN server, they receive the following error message: Error 721: The remote computer is not responding. You need to ensure that users can establish a VPN connection. What should you do?

A.	Open port 1423 on the firewall B.	Open port 1723 on the firewall C.	Open port 3389 on the firewall D.	Open port 6000 on the firewall

Answer: B

QUESTION 49 Your company uses Network Access Protection (NAP) to enforce policies on client computers that connect to the network. Client computers run Windows Vista. A Group Policy is used to configure client computers to obtain updates from WSUS. Company policy requires that updates labeled Important and Critical must be applied before client computers can access network resources. You need to ensure that client computers meet the company policy requirement. What should you do?

A.	Enable automatic updates on each client B.	Enable the Security Center on each client C.	Quarantine clients that do not have all available security updates installed D.	Disconnect the remote connection until the required updates are installed.

Answer: C

QUESTION 50 You have a server that runs Windows Server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do?

A.	From Windows Firewall, add an exception B.	From Windows Firewall, enable the block all incoming connections option C.	From the Windows Firewall with Advanced Security snap-in, create an inbound rule D.	From the Windows Firewall with Advanced Security snap-in, create an outbound rule.

Answer: D

QUESTION 51 You have a server that runs Windows Server 2008. You need to configure the server as a VPN server. What should you install on the server?

A.	Windows Deployment Services role and Deployment Server role service B.	Windows Deployment Services role and Deployment Transport role service C.	Network Policy and Access Services role and Routing and Remote Access Services role service D.	Network Policy and Access Services and Host Credential Authorization Protocol role service

Answer: C

QUESTION 52 You deploy a Windows Server 2008 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows Vista with the latest service pack. The firewall is configured to allow only secured Web communications. You need to enable remote users to connect as securely as possible. You must achieve this goal without opening any additional ports on the firewall. What should you do?

A.	Create an IPsec tunnel B.	Create an SSTP VPN connection C.	Create a PPTP VPN connection D.	Create an L2TP VPN connection

Answer: B

Exam B

QUESTION 1 Your company has an Active Directory forest. All domain controllers run the DNS server role. The company plans to decommission the WINS service. You need to enable forest-wide single name resolution. What should you do?

A.	Enable WINS-R lookup in DNS B.	Create Service Locator (SRV) records for the single name resources C.	Create an Active Directory-Integrated zone named LegacyWINS. Create host (A) records for the single name resources D.	Create an Active Directory-integrated zone named GlobalNames. Create host (A) records for the single name resources

Answer: D

QUESTION 2 Your company has a single domain named contoso.com. The contoso.com DNS zone is Active Directory-integrated. Your partner company has a single domain named partner.com. The partner.com DNS zone is Active Directory-integrated. The IP addresses of the DNS servers in the partner domain will change. You need to ensure name resolution for users in contoso.com to resources in partner.com on each DNS server in contoso.com. What should you do?

A.	Create a stub zone for partner.com on each DNS server in contoso.com B.	Configure the zone replication scope for partner.com to replicate to all DNS servers in the forest C.	Configure an application directory partition in the contoso.com forest. Enlist all DNS servers in the contoso.com forest in the partition D.	Configure an application directory partition in the partner forest. Enlist all DNS servers in the partner forest in the partition.

Answer: A

QUESTION 3 Contoso Ltd. has a single Active Directory forest that has five domains. Each domain has two DNS servers. Each DNS server hosts Active Directory-integrated zones for all five domains. All domain controllers run Windows Server 2008. Contoso acquires a company named Tailspin Toys. Tailspin Toys has a single Active Directory forest that contains a single domain. You need to configure the DNS system in the Contoso forest to provide name resolution for resources in both forests. What should you do?

A.	Configure client computers in the Contoso forest to use the Tailspin Toys DNS server as the alternate DNS server B.	Create a new conditional forwarder and store it in Active Directory. Replicate the new conditional forwarder to all DNS servers in the Contoso forest. C.	Create a new application directory partition in the Contoso forest. Enlist the directory partition for all DNS servers D.	Create a new host (A) record in the GlobalNames folder on one of the DNS servers in the Contoso forest. Configure the host (A) record by using the Tailspin Toys domain name and the IP address of the DNS server in the Tailspin Toys forest.

Answer: B

QUESTION 4 Your company has an Active Directory domain named ad.contoso.com. All client computers run Windows Vista. The company has recently acquired a company that has an Active Directory domain named ad.fabrikam.com. A two-way forest trust is established between the ad.fabrikam.com domain and the ad.contoso.com domain. You need to edit the ad.contoso.com domain Group Policy Object (GPO) to enable users in the ad.contoso.com domain to access resources in the ad.fabrikam.com domain. What should you do?

A.	Configure the DNS suffix Search List option to ad.contoso.com, ad.fabrikam.com B.	Configure the Allow DNS Suffix appending to Unqualified Multi-Label Name Queries option to True C.	Configure the Primary DNS Suffix to ad.contoso.com, ad.fabrikam.com. Configure the Primary DNS suffix Devolution option to True D.	Configure the Primary DNS Suffix to ad.contoso.com, ad.fabrikam.com. Configure the Primary DNS suffix Devolution option to False

Answer: A

QUESTION 5 Your company has a main office and two branch offices that are connected by WAN links. The main office runs the DNS service on three domain controllers. The zone for your domain is configured as an Active Directory-integrated zone.

Each branch office has a single member server that hosts a secondary zone for the domain. The DNS servers in the branch offices use the main office DNS server as the DNS Master server for the zone. You need to minimize DNS zone transfer traffic over the WAN links. What should you do?

A.	Decrease the Retry Interval setting in the Start of Authority (SOA) record for the zone B.	Decrease the Refresh Interval setting in the Start of Authority (SOA) record for the zone C.	Increase the Refresh Interval setting in the Start of Authority (SOA) record for the zone D.	Disable the netmask ordering option in the properties of the DNS master server for the zone.

Answer: C

QUESTION 6 Your company has a main office and two branch offices. Domain controllers in the main office host an Active Directory-integrated zone. The DNS servers in the branch office host a secondary zone for the domain and use the main office DNS servers as their DNS master servers for the zone. The company adds a new branch office. You add a member server named Branch3 and install the DNS service on the server. You configure a secondary zone for the domain. The zone transfer fails. You need to configure DNS to provide zone data to the DNS server in the new branch office. What should you do?

A.	Run dnscmd using the ZoneResetMasters option B.	Run dnscmd by using the ZoneResetSecondaries option C.	Add the new DNS server to the Zone Transfers tab on one of the DNS servers in the main office D.	Add the new DNS server to the DNSUpdateProxy Global security group in Active Directory Users and Computers

Answer: C

QUESTION 7 Your company has a main office and a branch office. The main office has a domain controller named DC1 that hosts a DNS primary zone. The branch office has a DNS server named SRV1 that hosts a DNS secondary zone. All client computers are configured to use their local server for DNS resolution. You change the IP address of an existing server named SRV2 in the main office. You need to ensure SRV1 reflects the change immediately. What should you do?

A.	Restart the DNS Server service on DC1 B.	Run the dnscmd command by using the /zonerefresh option on DC1 C.	Run the dnscmd command by using the /zonerefresh option on SRV1 D.	Set the refresh interval to 10 minutes on the Start Of Authority (SOA) record.

Answer: C

QUESTION 8 Your company has a single Active Directory domain named contoso.com. All servers run Windows Server 2008. You have a public DNS server named Server1, and an e-mail server named Server2. Client computers outside the company domain are unable to send e-mail messages to contoso.com. You verify that the host (A) DNS record for Server2 is available to external client computers. You need to ensure Server2 can receive e-mail messages from external client computers. How should you configure the contoso.com DNS zone?

A.	Add a Mail Exchange (MX) record for Server2 B.	Add a Mailbox (MB) record for Server2. Set the Mailbox Host setting to Server2 C.	Add a Canonical (CNAME) record that maps Server2 to contoso.com D.	Add a Service Locator (SRV) record for Server2. Set the Service field to _smtp. Set the Protocol field to _tcp. Set the Port Number to 25.

Answer: A

QUESTION 9 Your company has a single Active Directory domain. The company has a main office and three branch offices. The domain controller in the main office runs Windows 2008 Server and provides DNS for the main office and all of the branch offices.

Each branch office runs Windows Server 2008. Users in the branch offices report that it takes a long time to access network resources. You confirm that there are no problems with WAN connectivity or bandwidth. You need to ensure that users in the branch offices are able to access network resources as quickly as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.	Configure a standard primary zone in each of the branch offices B.	Configure forwarders that point to the DNS server in the main office C.	Configure a secondary zone in each of the branch offices that uses the main office DNS server as a master D.	Install DNS Servers in each of the branch offices.

Answer: CD

QUESTION 10 Your company has a single Active Directory forest that has six domains. All DNS servers in the forest run Windows Server 2008. You need to ensure that all public DNS queries are channeled through a single caching-only DNS server.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.	Disable the root hints B.	Enable BIND secondaries C.	Configure a forwarder to the caching DNS server D.	Configure a GlobalNames host (A) record for the hostname of the caching DNS server

Answer: AC

QUESTION 11 Your company has a server named Server1 that runs a Windows Server 2008 Core Installation, and the DNS server role. Server1 has one network interface named Local Area Connection. The static IP address of the network interface is configured as 10.0.0.1. You need to create a DNS zone named local.contoso.com on Server1. Which command should you use?

A.	ipconfig /registerdns:local.contoso.com B.	dnscmd Server1 /ZoneAdd local.contoso.com /DSPrimary C.	dnscmd Server1 /ZoneAdd local.contoso.com /Primary /file local.contoso.com.dns D.	netsh interface ipv4 set dnsserver name=local.contoso.com static 10.0.0.1 primary

Answer: C

QUESTION 12 Your company has a single Active Directory forest that has a domain in North America named na.contoso.com and a domain in South America named sa.contoso.com. The client computers run Windows Vista. You need to configure the client computers in the North America office to improve the name resolution response time for resources in the South America office. What should you do?

A.	Configure a new GPO that disables the Link-Local Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office. B.	Configure a new GPO that enables the Link-Local Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office. C.	Configure a new GPO that configures the DNS suffix search list option to sa.contoso.com, na.contoso.com. Apply the policy to all the client computers in the North America office. D.	Configure the priority value for the SRV records on each of the North America domain controllers to 5.

Answer: C

QUESTION 13 Your company uses Active Directory integrated DNS. Users require access to the internet. You run a network capture. You notice the DNS server is sending DNS name resolution queries to a server named f.root-servers.net. You need to prevent the DNS server from sending queries to f.root-servers.net. The server must be able to resolve names for internet hosts. Which two actions should you perform? (Each correct answer provides part of the solution. Choose two.)

A.	Enable forwarding to your ISP's DNS servers. B.	Disable the root hints on the DNS server C.	Disable the netmask ordering option on the DNS server D.	Configure Reverse Lookup zones for the IP subnets on the network

Answer: AB

QUESTION 14 Your company has a domain controller that runs Windows Server 2008 and the DNS role. The DNS domain is named contoso.com. You need to ensure that inquiries about contoso.com are sent to dnsadmin@contoso.com. What should you do?

A.	Create a signature (SIG) record for the domain controller B.	Modify the Name Server (NS) record for the domain controller C.	Modify the Service Locator (SRV) record for the domain controller D.	Modify the Start of Authority (SOA) record on the domain controller

Answer: D

QUESTION 15 Your network consists of a single Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2008. All client computers run Windows Vista. All computers are members of the Active Directory domain. You assign the Secure Server (Require Security) IPsec policy to Server1 by using a GPO. Users report that they fail to connect to Server1. You need to ensure that users can connect to Server1. All connections to Server1 must be encrypted. What should you do?

A.	Restart the IPsec Policy Agent service on Server1 B.	Assign the Client (Respond Only) IPsec policy to Server1 C.	Assign the Server (Request Security) IPsec policy to Server1 D.	Assign the Client (Respond Only) IPsec policy to all client computers.

Answer: D

QUESTION 16 Your company has computers in multiple locations that use IPv4 and IPv6. Each location is protected by a firewall that performs symmetric NAT. You need to allow peer-to-peer communication between all locations. What should you do?

A.	Configure dynamic NAT on the firewall B.	Configure the firewall to allow the use of Teredo C.	Configure a link local IPv6 address for the internal interface of the firewall D.	Configure a global IPv6 address for the external interface of the firewall

Answer: B

Look up Teredo: very interesting, worth the enquiry.

QUESTION 17 Your company has servers that run Windows Server 2008. All client computers run Windows XP Service Pack 2 (SP2), Windows 2000 Professional, or Windows Vista. You need to ensure all computers can use the IPv6 protocol. What should you do?

A.	Install Service Pack 4 on all Windows 2000 Professional computers B.	Upgrade the Windows 2000 Professional computers to Windows XP SP2 C.	Run the IPv6.exe tool on the Windows 2000 Professional and Windows XP computers D.	Install Active Directory Client extension (DSClient.exe) on the Windows 2000 Professional and Windows XP computers.

Answer: B

QUESTION 18 Your company has a single Active Directory domain. All servers run Windows Server 2008. The company network has servers that perform as Web Servers. All confidential files are located on a server named FSS1. The company security policy states that all confidential data must be transmitted in the most secure manner. When you monitor the network you notice that the confidential files stored on FSS1 server are being transmitted over the network without encryption. You need to ensure that encryption is always used when the confidential files on the FSS1 server are transmitted over the network. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A.	Deactivate all LM and NTLM authentication methods on FSS1 server B.	Use IIS to publish the confidential files, activate SSL on the IIS server, and then open the files as a web folder C.	Use IPsec encryption between the FSS1 server and the computers of the users who need to access the confidential files. D.	Use the Server Message Block (SMB) signing between the FSS1 server and the computers of the users who want to access the confidential files. E.	Activate offline files for the confidential files that are stored on the FSS1 server. In the Folder Advanced Properties box, select the Encrypt contents to secure data option

Answer: BC

QUESTION 19 You have a DHCP server that runs Windows Server 2008. You restore the DHCP database by using a recent backup. You need to prevent DHCP clients from receiving IP addresses that are currently in use on the network. What should you do?

A.	Add the DHCP server option 15 B.	Add the DHCP server option 44 C.	Set the Conflict Detection value to 0 D.	Set the Conflict Detection value to 2

Answer: D

QUESTION 20 Your company has an Active Directory domain. A server named Server1 runs the Network Access Policy server role. You need to disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback interface. What should you do?

A.	Run the netsh ras ipv6 set command B.	Run the netsh interface ipv6 delete command C.	Run ipv6.exe and remove the IPv6 Protocol D.	From the Local Area Connection Properties, uncheck Internet Protocol Version 6 (TCP/IPv6)

Answer: D

QUESTION 21 Your company has a single Active Directory domain. The domain runs at the functional level of Windows Server 2003. You install the DHCP service on a server named DHCP1. You attempt to start the DHCP service, but it does not start. You need to ensure that the DHCP service starts. What should you do?

A.	Restart DHCP1 B.	Configure a scope on DHCP1 C.	Activate the scope on DHCP1 D.	Authorize DHCP1 in the Active Directory domain

Answer: D

QUESTION 22 Your company has an IPv6 Ethernet network.

A router named R1 connects your segment to the internet. A router named R2 joins your subnet with a segment named Private1. The Private1 segment has a network address of 10.128.4.0/26.

Your computer named WKS2 requires access to servers on the Private1 network.

The WKS1 computer configuration is shown in the following table. The routers are configured as shown in the following table. WKS1 is unable to connect to the Private1 network by using the current configuration.

You need to add a persistent route for the Private1 network to the routing table on WKS1.

A.	Route add -p 10.128.4.0/22 10.128.4.1 B.	Route add -p 10.128.4.0/26 10.128.64.10 C.	Route add -p 10.128.4.0 mask 255.255.255.192 10.12.64.1 D.	Route add -p 10.128.64.10 mask 255.255.255.192 10.128.4.0

Answer: B

QUESTION 23 You have a DHCP server that runs Windows Server 2008. You need to reduce the size of the DHCP database. What should you do?

A.	From the DHCP snap-in, reconcile the database B.	From the folder that contains the DHCP database, run jetpack.exe dhcp.db temp.mdb C.	From the properties of the dhcp.mdb file, enable the File is ready for archiving attribute. D.	From the properties of the dhcp.mdb file, enable the Compress contents to save disk space attribute

Answer: B

QUESTION 24 You configure a new file server that runs Windows Server 2008. Users access shared files on the file server.

Users report that they are unable to access the shared files.

The TCP/IP properties for the file server are configured as shown in the following exhibit. You need to ensure that users are able to access the shared files.

How should you configure the TCP/IP properties on the file server?

Exhibit:

A.	Configure a static IP address B.	Configure the default gateway C.	Configure the DNS server address D.	Add the domain to the DNS suffix on the network interface

Answer: A

QUESTION 25 Your company uses DHCP to lease IPv4 addresses to computers at the main office. A WAN link connects the main office to a branch office. All computers in the branch office are configured with static IP addresses. The branch office does not use DHCP and uses a different subnet. You need to ensure that the portable computers can connect to network resources at the main office and the branch office. How should you configure each portable computer?

A.	Use a static IPv4 address in the range used at the branch office. B.	Use an alternate configuration that contains a static IP address in the range used at the main office C.	Use the address that was assigned by DHCP as a static IP address D.	Use an alternate configuration that contains a static IP address in the range used at the branch office.

Answer: D

QUESTION 26 You have a DHCP server named Server1 and an application server named Server2. Both servers run Windows Server 2008. The DHCP server contains one scope. You need to ensure that Server2 always receives the same IP address. Server2 must receive its DNS settings and its WINS settings from DHCP. What should you do?

A.	Create a multicast scope B.	Assign a Static IP address to Server2 C.	Create an exclusion range in the DHCP scope D.	Create a DHCP reservation in the DHCP scope.

Answer: D

QUESTION 27 Your network contains a server that runs Windows Server 2008. The server has the Network Policy Server (NPS) service role installed. You need to allow only members of a global group named Group1 VPN access to the network. What should you do?

A.	Add Group1 to the RAS and IAS Servers Group B.	Add Group1 to the Network Configuration Operators group C.	Create a new network policy and define a group-based connection for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 1 D.	Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access Granted. Set the processing of the policy to 3.

Answer: C

QUESTION 28 Your network contains one Active Directory domain. You have a member server named Server1 that runs Windows Server 2008. The server has the Routing and Remote Access role service installed. You implement Network Access Protection (NAP) for the domain. You need to configure the Point-to-Point Protocol (PPP) authentication method on Server1. Which authentication method should you choose?

A.	Challenge Handshake Authentication Protocol (CHAP) B.	Extensible Authentication Protocol (EAP) C.	Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) D.	Password Authentication Protocol (PAP)

Answer: B

QUESTION 29 Your network contains one Active Directory domain. You have a member server that runs Windows Server 2008. You need to immediately disable all incoming connections to the server. What should you do?

A.	From the Services snap-in, disable the IP Helper B.	From the Services snap-in, disable the Net Logon Service C.	From Windows Firewall, enable the Block all connections option on the Public Profile D.	From the Windows Firewall, enable the Block all connections option on the Domain Profile

Answer: D

QUESTION 30 Your company has deployed Network Access Protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?

A.	Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain. B.	Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU) C.	Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the Policy to the domain. D.	Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the Policy to the Domain Controllers organizational unit (OU)

Answer: A

QUESTION 31 Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP) deployed on the network. You need to configure the wireless network to accept smart cards. What should you do?

A.	Configure the wireless network to use WPA2, PEAP, and MSCHAP v2 B.	Configure the wireless network to use WPA2, 802.1X authentication and EAP-TLS C.	Configure the wireless network to use WEP, 802.1X authentication, PEAP, and MSCHAP v2 D.	Configure the wireless network to use WPA, PEAP, and MSCHAP v2 and also require strong user passwords.

Answer: B

QUESTION 32 Your company has 10 servers that run Windows Server 2008. The servers have RDP enabled for server administration. RDP is configured to use default security settings. All administrators' computers run Windows Vista. You need to ensure the RDP connections are as secure as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.	Set the security layer for each server to the RDP security Layer B.	Configure the firewall on each server to block port 3389 C.	Acquire user certificates from the internal certificate authority D.	Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication.

Answer: CD

QUESTION 33 Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP) deployed on the network. You need to ensure that NAP policies are enforced on portable computers that use a wireless connection to access the network. What should you do?

A.	Configure all access points to use 802.1X authentication B.	Configure all portable computers to use MS-CHAP v2 authentication C.	Use the Group Policy Management Console to access the wireless Group Policy settings, and enable the Prevent connections to ad-hoc networks option D.	Use the Group Policy Management Console to access the wireless Group Policy settings, and disable the Prevent connections to infrastructure networks option

Answer: A

QUESTION 34 You deploy a Windows Server 2008 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows Vista with the latest service pack. The firewall is configured to allow only secured web communications. You need to enable remote users to connect as securely as possible. You must achieve this goal without opening any additional ports on the firewall. What should you do?

A.	Create an IPsec tunnel B.	Create an SSTP VPN connection C.	Create a PPTP VPN connection D.	Create an L2TP VPN connection

Answer: B

QUESTION 35 Your company has users who connect remotely to the main office through a Windows Server 2008 VPN server. You need to ensure that users cannot access the VPN server remotely from 22:00 to 05:00. What should you do?

A.	Create a network policy for VPN connections. Modify the Day and time restrictions. B.	Create a network policy for VPN connections. Apply an IP filter to deny access to the corporate network. C.	Modify the Logon hours for all user objects to specify only the VPN server on the computer restrictions option D.	Modify the Logon hours for the default domain policy to enable the Force logoff when logon hours expire option.

Answer: A

QUESTION 36 You have a server that runs Windows Server 2008. You need to configure the server as a VPN server. What should you install on the server?

A.	Windows Deployment Services role and Deployment Server role service B.	Windows Deployment Services role and Deployment Transport Role Service C.	Network Policy and Access Services role and Routing and Remote Access Services role service. D.	Network Policy and Access Services role and Routing and Host Credential Authorization Protocol role service.

Answer: C

QUESTION 37 Your company has deployed Network Access Protection (NAP). You configure secure wireless access to the network by using 802.1x authentication from any access point. You need to ensure that all client computers that access the network are evaluated by NAP. What should you do?

A.	Configure all access points as RADIUS clients to the Remediation Servers B.	Configure all access points as RADIUS clients to the Network Policy Server (NPS) C.	Create a Network Policy that defines Remote Access Server as a network connection method D.	Create a Network Policy that specifies EAP-TLS as the only available authentication method.

Answer: B

QUESTION 38 Your company's corporate network uses Network Access Protection (NAP). Users are able to connect to the corporate network remotely. You need to ensure that data transmissions between remote client computers and the corporate network are as secure as possible. What should you do?

A.	Apply an IPsec NAP policy. B.	Configure a NAP Policy for 802.1x Wireless connections C.	Configure VPN connections to use MS-CHAP v2 authentication D.	Restrict Dynamic Host Configuration Protocol (DHCP) clients by using NAP

Answer: A

QUESTION 39 Your company has a main office and one branch office. The main office has a print server named Printer1. The branch office has a print server named Printer2. Printer1 manages 15 printers and Printer2 manages seven printers. You add Printer2 to the Print Management console on Printer1. You need to send automatic notification when a printer is not available. What should you do?

A.	Configure an e-mail notification for the printers with jobs printer filter B.	Configure an e-mail notification for the printers not ready printer filter C.	Enable the show informational notifications for local printers option on both print servers D.	Enable the show informational notifications for network printers option on both print servers

Answer: B

QUESTION 40 Your company has a server named FS1. FS1 hosts the domain-based DFS namespace named \\contoso.com\dfs. All domain users store their data in subfolders within the DFS namespace. You need to prevent all users, except administrators, from creating new folders or new files at the root of the \\contoso.com\dfs share. What should you do?

A.	Run the dnscmd.exe \\FS1\dfs /restore command on FS1 B.	Configure the NTFS permissions for the C:\DFSroots\dfs folder on FS1. Set the create folders/append data special permission to Deny for the Authenticated Users group. Set the full control permission to allow for the administrators group C.	Start the delegate management permissions wizard for the dfs namespace named \\contoso.com\dfs remove all groups that have the permission type explicit except the administrators group D.	Configure the \\fs1\dfs shared folder permissions. Set the permissions for the authenticated users group to reader. set the permissions for the administrations group to co-owner.

Answer: D

QUESTION 41 You have a file server that runs Windows Server 2008. A user restores a large file by using the Previous Versions tab. You need to view the progress of the file restoration. What should you do?

A.	From the command prompt, run shadow.exe /v B.	From the command prompt, run vssadmin.exe query reverts C.	From Computer Management, click on the shared folders node and then click on sessions D.	From Computer Management, click on the shared folders node and then click on open files.

Answer: B

QUESTION 42 Your company has an active directory domain. The company also has a server named Server1 that runs Windows Server 2008.

You install the file server role on Server1. You create a shared folder named AcctShare on Server1.

The permissions for the shared folder are configured as shown in the following table. You need to ensure members of the Managers group can only view and open files in the shared folder.

What should you do?

A.	Modify the share permissions for the Managers group to Reader B.	Modify the share permissions for the Accounting Users group to Contributor C.	Modify the NTFS permissions for the Managers group to Modify D.	Modify the NTFS permissions for the authenticated users group to modify and the share permissions to contributor.

Answer: A

QUESTION 43 You have a server that runs Windows Server 2008. You create a new quota template. You apply quotas to 100 folders by using the quota template. You need to modify the quota settings for all 100 folders. You must achieve this goal by using the minimum amount of administrative effort. What should you do?

A.	Modify the quota template B.	Delete and recreate the quota template C.	Create a new quota template. Modify the quota for each folder D.	Create a file screen template. Apply the file screen template to the root of the volume that contains the folders.

Answer: A

QUESTION 44 You manage a server that runs Windows Server 2008. The Windows backup and restore utility is installed on the server. You need to create a full backup of all system state data to the DVD drive (R: drive) on the server. Which command should you run on the server?

A.	WBadmin enable backup -addtarget:R: /quiet B.	Wbadmin enable backup -addtarget:C: /quiet C.	Wbadmin start backup -allCritical -backuptarget:C: /quiet D.	Wbadmin start backup -allCritical -backuptarget:R: /quiet

Answer: D

QUESTION 45 You have a file server that runs Windows Server 2008. The server has a shared folder. You need to receive a notification when a user stores more than 500MB of data in the shared folder. You must allow users to store more than 500MB of data in the shared folder. What should you do?

A.	Create a soft quota B.	Create a hard quota C.	Create an active screening file screen D.	Create a passive screening file screen

Answer: A

QUESTION 46 Your company has a network that has an Active Directory domain. The domain has two servers named DC1 and DC2. You plan to collect events from DC2 and transfer them to DC1. You configure the required subscriptions by selecting the normal option for the event delivery optimization setting and using the HTTP protocol. You discover that none of the subscriptions work. You need to ensure that the servers support event collectors. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.	Run the wecutil qc command on DC1 B.	Run the wecutil qc command on DC2 C.	Run the winrm quickconfig command on DC1 D.	Run the winrm quickconfig command on DC2 E.	Add the DC2 account to the administrators group on DC1 F.	Add the DC1 account to the administrators group on DC2

Answer: ADF

QUESTION 47 Your company has an active directory domain that has two domain controllers named DC1 and DC2. You prepare both servers to support event subscriptions. On DC1, you create a new default subscription for DC2. You need to review system events for DC2. Which event log should you select?

A.	system log on DC1 B.	application log on DC2 C.	Forwarded Events log on DC1 D.	Forwarded Events log on DC2

Answer: C

QUESTION 48 You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of this file is more than 1GB. You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data. What should you do?

A.	Apply the display filter !DNS and save the displayed frames as DNSdata.cap file B.	Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file C.	Add a new alias named DNS to the aliases table and save the file as DNSdata.cap D.	Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.

Answer: D

QUESTION 49 Your company has a network that has 100 servers. You install a new server that runs Windows Server 2008. The server has the Web Server (IIS) role installed. You discover that the Reliability Monitor has no data, and that the system stability share has never been updated. You need to configure the server to collect the reliability monitor data. What should you do?

A.	Run the perfmon.exe /sys command on the server B.	Configure the Task Scheduler service to start automatically C.	Configure the Remote Registry service to start automatically D.	Configure the Secondary Login service to start automatically.

Answer: B

QUESTION 50 Your company has a server named DC1 that runs Windows Server 2008. DC1 has the DHCP server role installed.

You find that a desktop computer named SALES4 is unable to obtain an IP configuration from the DHCP server.

You install the Microsoft Network Monitor 3.0 application on DC1. You enable P-mode in the Network Monitor application configuration. You plan to capture only the DHCP server-related traffic between DC1 and SALES4.

The network interface configuration for the two computers is shown in the following table. You need to build a filter in the Network Monitor application to capture the DHCP traffic between DC1 and SALES4.

Which filter should you use?

A.	IPv4 Address == 169.254.15.84 && DHCP B.	IPv4 Address == 192.168.2.1 && DHCP C.	Ethernet Address == 0x000A5E1C7F67 && DHCP D.	Ethernet Address == 0x001731D55EFF && DHCP

Answer: D

QUESTION 51 You have 10 standalone servers that run Windows Server 2008. You install WSUS on a server named Server1. You need to configure all of the servers to receive updates from Server1. What should you do?

A.	Configure the Windows Update settings on each server by using Control Panel B.	Run the wuauclt.exe /detectnow command on each server C.	Run the wuauclt.exe /reauthorization command on each server D.	Configure the Windows Update settings on each server by using local group policy.

Answer: D

QUESTION 52 You install WSUS on a server that runs Windows Server 2008. You need to ensure that the traffic between the WSUS administrative web site and the server administrator's computer is encrypted. What should you do?

A.	Configure SSL encryption on the WSUS server website B.	Run the netdom trust /SecurePasswordPrompt command on the WSUS server C.	Configure the NTFS permissions on the content directory to Deny Full control permission to the Everyone group D.	Configure the WSUS server to require integrated Windows authentication (IWA) when users connect to the WSUS server.

Answer: A