您好,欢迎来到江浙沪招生考试网 !

设为首页|加入收藏|联系我们|网站地图|

江浙沪招生考试网

您现在的位置: test4exam >> 计算机考试 >> 微软认证考试 >> 正文

MCITP认证--微软认证专业IT人士70-642考试练习题

日期:2014-9-19 12:57:15 来源:本站原创 访问量:

MCITP认证--微软认证专业IT人士70-642考试练习题:

  Exam A

  QUESTION 1

  Your company has a single active directory forest that has an active directory domain named na.contoso.

  com zone. you have enabled DNS scavenging on Server1. Three weeks later, you notice that the stale

  resource records remain in na.contoso.com. You need to ensure that the stale resource records are

  removed from na.contoso.com. What should you do?

  A. Stop and restart the DNS service on Server1.

  B. Enable DNS scavenging on the na.contoso.com zone.

  C. Run the dnscmd Server1 /AgeAllRecords command on Server1.

  D. Run the dnscmd Server1 /StartScavenging command on Server1.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 2

  Your company has an Active Directory domain named ad.contoso.com The company also has a public

  namespace named contoso.com. You need to ensure that public DNS zone records cannot be copied. You

  must achieve this goal without impacting the functionality of public DNS name resolutions. What should you

  do?

  A. Disable the notify feature for the contoso.com zone.

  B. Disable the Allow-Read permission for the Everyone group on the contoso.com DNS domain.

  C. Configure the All domain controllers int he domain zone replication option on ad.contoso.com.

  D. Configure the Allow zone transfers only to servers listed on the Name Servers option on contoso.com

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 3

  Your company has a main office and a branch office. The main office has a domain controller named DC1

  that hosts a DNS primary zone. The branc office has a DNS server named SRV1 that hosts a DNS

  secondary Zone. All client computers are configured to use their local server for DNS resolution. You

  change the IP address of an existing server named SRV2 in the main office. You need to ensure that SRV1

  reflects the change immediately. What should you do?

  A. Restart the DNS server service on DC1

  B. Run the dnscmd command by using the /zonerefresh option on DC1.

  C. Run the dnscmd command by using the /zonerefresh option on SRV1.

  D. Set the refresh interval to 10 minutes on the Start Of Authority (SOA) record.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 4

  Your company has an Active Directory domain. The company has a main office and a branch office. Both

  the offices have domain controllers that run Active Directory-integrated DNS zones. All client computers are

  configured to use the local domain controllers for DNS resolution. The domain controllers at the branch

  office location are configured as Read-Only Domain Controllers (RODC). You change the IP address of an

  exisiting server named SRV2 in the main office. You need the branch office DNS servers to reflect the

  change immediately. What should you do?

  A. Run the dnscmd /ZoneUpdateFromDs command on the branch office servers.

  B. Run the dnscmd /ZoneUpdateFromDs command on a domain controller in the main office.

  C. Change the domain controllers at the branch offices from RODCs to standard domain controllers.

  D. Decrease the Minimum (default) TTL option to 15 minutes on the Start of Authority (SOA) record for the

  zone.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 5

  Your company has a server named Server1 that runs Windows Server 2008. Server1 runs the DHCP server

  role and the DNS server role. You also have a server named ServerCore that runs a ServerCore installation

  of Windows Server 2008.

  All computers are configured to use only Server1 for DNS resolution. The IP address of Server1 is

  192.168.0.1. The network interface on all the computers is named LAN. Server1 is temporarily office. A new

  DNS server named Server2 has been configured to use the IP address 192.168.0.254. You need to

  configure ServerCore to use Server2 as the preferred DNS server. What should you do?

  A. Run the netsh interface ipv4 add dnsserver "LAN" static 192.168.0.254 index=1 command

  B. Run the netsh interface ipv4 set dnsserver "LAN" static 192.168.0.254 192.168.0.1 both command

  C. Run the netsh interfface ipv4 set dnsserver "LAN" static 192.168.0.254 primary command and the netsh

  interface ipv4 set dnsserver "LAN" static 192.168.0.1 both command.

  D. Run the netsh interface ipv4 set dnsserver "LAN" static 192.168.0.254 primary command and the netsh

  interface ipv4 add dnsserver "LAN" static 192.168.0.1 index=1 command

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 6

  Your company has a domain controller named Server1 that runs Windows Server 2008 and the DNS server

  role. A server named Server2 runs a custom application.

  You need to configure DNS to include the following parameters for the custom application:

  Service

  Priority

  Weight

  Protocol

  Port Number

  Host offering this service

  Which record should you create?

  A. Host Info (HINFO)

  B. Service Locator (SRV)

  C. Canonical Name (CNAME)

  D. Well-Known Service (WKS)

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 7

  Your company has a main office and two branch offices. Domain controllers in the main office host an

  Active Directory-Integrated zone. The DNS servers in the branch offices host a secondary zone for the

  domain and use the main office DNS servers as the DNS Master servers for the zone. Each branch office

  has an application server. Users access the application server by using its fully qualified domain name. You

  need to ensure that users in the branch offices can access their local application server even if the WAN

  links are down for three days. What should you do?

  A. Increase the Expires After setting to 4 days on the Start of Authority (SOA) record for the zone.

  B. Increase the refresh interval setting o 4 days on the Start of Authority (SOA) record for the zone.

  C. Configure the Zone Aging / Scavenging Properties dialog box to enable Scavenge State resource

  records, and set the refresh setting to 4 days.

  D. Configure the Zone Aging / Scavenging Properties dialog box to enable Scavenge Stale resource

  records, and set the No-refresh interval setting to 4 days.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 8

  Your company has a single Active Directory forest that has a domain in North America named na.contoso.

  com and a domain in South America named sa.contoso.com The client computers run Windows Vista. You

  need to configure the client computers in the North America office to improve the name resolution response

  time for resources int he South America office What should you do?

  A. Configure a new GPO that disables the Local-Link Multicast Name resolution feature. Apply the policy to

  all the client computers in the North America office.

  B. Configure a new GPO that enabled the Local-Link Multicast Name Resolution feature. Apply the policy to

  all the client computers in the North America office.

  C. Configure a new GPO that configures the DNS suffix search list option to sa.contoso.com, na.contoso.

  com Apply the policy to all client computers in the North America Office

  D. Configure the priority value for the SRV records on each of the North American domain controllers to 5.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 9

  Your company has multiple DNS servers in the main office. You plan to install DNS on a member server in a

  branch office. You need to ensure that the DNS server in the branch office is able to query any DNS server

  in the main office, and you need to limit the number of DNS records that are transferred to the DNS server

  in the branch office. What should you do?

  A. Configure a secondar zone on the DNS server in the branch office.

  B. Configure a stub zone on the DNS server in the branch office

  C. Configure a stub zone on the DNS server in the main office.

  D. Configure a primary zone on the DNS server in the branch office.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 10

  Your company has a DNS server named Server1. Your partner company has a DNS server named Server2.

  You create a stub zone on Server1. The master for the stub zone is Server2. Server2 fails. You discover

  that users are not able to resolve names for the partner company. You need to ensure that users are able to

  resolve names for the partner company in the event that Server2 fails. What should you do?

  A. Change the stub zone to a secondary zone on Server1

  B. Open the SOA record for the zone on Server2. Change the Minimum (default) TTL setting to 12 hours.

  C. Open the DNS zone for the partner company on Server2. Create a new Route Through (RT) record and

  a new host (A) record for Server1.

  D. Open the primary DNS zone on Server2. Create a new Service Locator (SRV) record and a new host (A)

  record for Server1.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 11

  Your company has two servers that run Windows Server 2008 named Server2 and Server3, Both servers

  have the DNS server role installed. Server3 is configured to forward all DNS requests to Server2. You

  update a DNS record on Server2. You need to ensure that Server3 is able to immediately resolve the

  updated DNS record. What should you do?

  A. Run the dnscmd /clearcache on Server3

  B. Run the ipconfig /flushdns command on Server3

  C. Decrease the Time-to-Live (TTL) on the Start of Authority (SOA) record of na.contoso.com to 15minutes

  D. Increase the Retry Interval value on the Start of Authority (SOA) record of na.contoso.com to 15

  minutes.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 12

  Your company has a single Active Directory forest that has an Active Directory domain named na.contoso.

  com A member server named Server2 runs the DNS server role. The Server2 DNS service hosts multiple

  secondary zones including na.contoso.com. You need to reconfigure Server2 as a caching-only DNS server.

  What should you do?

  A. Uninstall and reinstall the DNS service on Server2

  B. Change all the DNS zones on Server2 to stub zones

  C. Disable and then enable the DNS service on Server2

  D. Delete the na.contoso.com DNS zone domain from Server2. Restart the DNS service on Server2.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 13

  Your company has an Active Direcotry forest that has five domains. All DNS servers are domain controllers.

  You need to ensure that users from all domains are able to access a Web server named App1 by browsing

  http://App1. What should you do?

  A. Configure and enable DFS-R on the Appl1 Web Server

  B. Create a host (AAAA) record for the App1 Web server in the DNS zone for the forest root domain

  C. Create a zone named GlobalNames on a DNS server. Replicate the GlobalNames zone to all domain

  controllers int he forest. Create a host (A) record for the App1 Web server in the zone

  D. Create a zone named LegacyWINS on a DNS server. Replicated the LegacyWINS zone to all domain

  controlelrs in the forest. Create a host (A) record for the Appl1 Web server in the zone.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 14

  Your company has a single Active Directory domain. All servers run Windows Server 2008. you install an

  additional DNS server that runs Windows Server 2008. You need to delete the pointer record for the IP

  address 10.3.2.127. What should you do?

  A. Use DNS manager to delete the 127.in-addr.arpa zone.

  B. Run the dnscmd /RecordDelete 10.3.2.127 command at the command prompty

  C. Run the dnscmd /ZoneDelete 127.in-addr.arpa command at the command prompt.

  D. Run the dnscmd /RecordDelete 10.in-addr.arpa 127.2.3 PTR command at the command prompt.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 15

  Your company has an IPv6 network that has 25 segments. You deploy a server on the IPv6 network. You

  need to ensure that the server can communicate with all segments on the IPv6 network. What should you

  do?

  A. Configure the IPv6 address as fd00::2b0:d0ff:fee9:4143/8

  B. Configure the IPv6 address as fe80::2b0:d0ff:fee9:4143/64

  C. Configure the IPv6 address as ff80::2b0:d0ff:fee9:4143/64

  D. Configure the IPv6 address as 0000::2b0:d0ff:fee9:4143/64

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 16

  Your company has recently deployed a server that runs Windows Server 2008. The server has the IP

  information shown below.

  IP address 192.168.46.186

  Subnet mask: 255.255.255.192

  Default gateway: 192.168.46.1

  Users on remote subnets report that they are unable to connect to the server.

  You need to ensure all users are able to connect to the server.

  What should you do?

  A. Change the IP address to 192.168.46.129

  B. Change the IP address to 192.168.46.200

  C. Change the subnet mask to a 24-bit mask

  D. Change the subnet mask to a 27-bit mask.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 17

  Your company has a main office and a branch office. Users in the branch office report that they are unable

  to access shared resources in the main office. You discover that computers in the branch office have IP

  addresses in the range of 169.254.x.x you need to ensure that computers can connect to shared resources

  in both the main office and the branch office. What should you do?

  A. Configure a DHCP relay agent on a member server in the main office

  B. Configure a DHCP relay agent on a member server in the branch office

  C. Configure the Broadcast Address DHCP server option to include the main offices DHCP server address

  D. Configure the Resource Location Servers DHCP server option to include the main offices server ip

  addresses.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 18

  Your network uses IPv4. You install a server that runs Windows Server 008 at a brach office. The server is

  configured with two network interfaces. You need to configure routing on the server at the branch office.

  Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  A. Install the Routing and Remote Access role.

  B. Run the netsh ras ip set access ALL command

  C. Run the netsh interface ipv4 enable command

  D. Enable the IPv4 Router Routing and Remote Access option

  Answer: AD

  Section: (none)

  Explanation/Reference:

  QUESTION 19

  Your company is designing its public network. The network will use an IPv4 range of 131.107.40.0/22. The

  network must be configured as shown in the following exhibit.

  Segment A : 270 nodes

  Segment B : 130 Nodes

  Segment C : 75 nodes

  Segment D : 20 Nodes

  You need to configure subnets for each segment.

  Which network addresses should you assign?

  A. Segment A: 131.107.40.0/23 Segment B: 131.107.42.0/24 Segment C: 131.107.43.0/25 Segment D:

  131.107.43.128/27

  B. Segment A:131.107.40.0/25 Segment B: 131.107.40.128/26 Segment C: 131.107.43.192/27 Segment

  D: 131.107.43.224/30

  C. Segment A: 131.107.40.0/23 Segment B: 131.107.41.0/24 Segment C: 131.107.41.128/25 Segment D:

  131.107.43.0/27

  D. Segment A: 131.107.40.128/23 Segment B: 131.107.43.0/24 Segment C: 131.107.44.0/25 Segment D:

  131.107.44.128/27

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 20

  Your company has an Active Directory domain. A server named Server1 runs the Network Access Policy

  server role. You need to disable IPv6 for all connections except for the tunnel interface and the IPv6

  Loopback interface. What should you do?

  A. Run the netsh ras ipv6 set command

  B. Run the netsh interface ipv6 delete command

  C. Run ipv6.exe and remove the IPv6 protocol

  D. From the Local Area connection Properties, uncheck Internet Protocol Versions 6 (TCP/IPv6)

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 21

  Your company has a single Active Directory domain. All servers run Windows Server 2008. The company

  network has 10 servers that perform as Web servers. All confidential files are located on a server named

  FSS1. The company security policy states that all confidential data must be transmitted in the most secure

  manner. When you monitor the network, you notice that the confidential files are stored on the FSS1 server

  are being transmitted over the network without encryption. You need to ensure taht encryption is always

  used when the confidential files on the FSS1 server are transmitted over the network. What are two possible

  ways to achieve this goal? (Each correct answer presents a complete solution. Choose Two)

  A. Deactivate all LM and NTLM authentication methods on the FSS1 server

  B. Use IIS to publish the confidentials files. activate SSL on the ISS server, and then open the files as a

  web folder.

  C. Use IPSec encryption between the FSS1 server and the computers of the users who need to access the

  confidential files

  D. Use the Server Message Block (SMB) signing between the FSS1 server and the computers of the users

  who want to access the confidential files.

  E. Activate offline files for the confidential files that are stored on the FSS1 server. In the Folder Advanced

  Properties dialog box, select the Encrypt contents to secure data option.

  Answer: BC

  Section: (none)

  Explanation/Reference:

  QUESTION 22

  Your company has an Active Directory forest. The corporate network uses DHCP to configure client

  computer IP addresses. The DHCP server has a DHCP client reservation for a portable computer named

  WKS1. You install a second DHCP server on the network. You need to ensure that WKS1 receives the

  DHCP reservation from the DHCP service. What should you do?

  A. Run the ipconfig /renew command on WKS1

  B. Run the netsh add helper command on WKS1

  C. Add the DHCP reservation for WKS1 to the second DHCP server

  D. Add both DHCP servers to the RAS and IAS Servers group in the Active Directory domain

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 23

  Your network consists of a single Active Directory domain. The domain contains a server named Server1

  that runs Windows Server 2008. All client computers run Windows Vista. All computers are members of the

  Active Directory domain. You assign the Secure Server (Require Security) IPsec policy to Server1 by using

  a GPO. Users report that they fail to connect to Server1. You need to ensure that users can connect to

  Server1. All connections to Server1 must be encrypted. What should you do?

  A. Restart the IPsec Policy Agent service on Server1

  B. Assign the Client (Respond Only) IPsec policy to Server1

  C. Assign the Server (Request Security) IPsec Policy to Server1

  D. Assign the Client (Respond Only) IPsec policy to all client computers

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 24

  You have a DHCP server that runs Windows Server 2008. The DHCP server has two network connections

  named LAN1 and LAN2. You need to prevent the DHCP server from responding to DHCP client requests on

  LAN2. The server must continue to respond to non-DHCP client requests on LAN2. What should you do?

  A. From the DHCP snap-in, modify the bindings to associate only LAN1 with the DHCP service

  B. From the DHCP snap-in, create a new multicast scope

  C. From the properties of the LAN1 network connection, set the metric value to 1

  D. From the properties of the LAN2 network connection, set the metric value to 1

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 25

  You have a Windows Server 2008 computer that has an IP address of 172.16.45.9/21. The server is

  configured to use IPv6 addressing. You need to test IPv6 communication to a server that has an IP address

  of 172.16.40.18/21. What should you do from a command prompt?

  A. Type ping 172.16.45.9:::::.

  B. Type ping ::9.45.16.172.

  C. Type ping followed by the Link-local address of the server

  D. Type ping followed by the Site-local address of the server

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 26

  Your company has four DNS servers that run Windows Server 2008. Each server has a static IP address.

  You need to prevent DHCP from assigning the addresses of the DNS servers to DHCP clients. What should

  you do?

  A. Create a new scope for the DNS servers.

  B. Create a reservation for the DHCP server

  C. Configure the 005 Name Servers scope option

  D. Configure an exclusion that contains the IP addresses of the four DNS servers

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 27

  You manage a server that runs Windows Server 2008. The D:\Payroll folder is corrupted. The most recent

  backup version is 10/29/2007-09:00. You need to restore all the files in the D:\Payroll folder back to the

  most recent backup version without affecting other folders on the server. What should you do on the server?

  A. Run the Recover d:\Payroll comamnd

  B. Run the WBadmin restore catalog-backuptarget:D: -version: 10/29/2007-09:00 Cquiet command

  C. Run the WBadmin start recovery-backuptarget:D: -version: 10/29/2007-09:00 Coverwrite Cquiet

  command

  D. Run the Wbadmin start recovery-version:10/29/2007-09:00 -itemType:File -items d:\payroll -overwrite -

  recursive Cquiet command.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 28

  Your company has a server named SRV1 that runs Windows Server 2008. The default Print Server role is

  installed on SRV1 The company wants to centralize printing on SRV1 for both UNIX and Windows users.

  You need to provide support to the UNIX users who print on SRV1. What are two possible ways to achieve

  this goal? (Each correct answer presents a complete solution. Choose two.)

  A. Install the Internet Printing server role on SRV1.

  B. Install the Line Printer Daemon (LPD) Services role service on SRV1

  C. Configure the printers on SRV1 to use Line Printer Remote printing

  D. Install the File Server role on SRV1 and activate the services for the NFS Role Service option.

  Answer: AB

  Section: (none)

  Explanation/Reference:

  QUESTION 29

  Your company has a domain with multiple sites. You have a domain-based DFS namespace called \

  \contoso.com\Management. The \\contoso.com\Management namespace hierachy is updated frequently.

  You need to configure the \\contoso.com\Management namespace to reduce the workload of the PDC

  emulator. What should you do?

  A. Enable the Optimize for scalibity option

  B. Enable the optimize for consistency option

  C. Set the Ordering method option to Lowest cost

  D. Set the Ordering method option to Random order

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 30

  Your company has an Active Directory domain. The company also has a server named Server1 that runs

  Windows Server 2008.

  You install the File Server role on Server1. You create a shared folder named AcctgShare on Server1.

  The permissions for the shared folder are configured as shown in the following table.

  You need to ensure members of the managers group can only view and open files in the shared folder.

  A. Modify the share permissions for the Managers group to Reader.

  B. Modify the share permissions for the Accounting Users group to Contributer

  C. Modify the NTFS permissions for the Managers group to Modify

  D. Modify the NTFS permissions for the Authenticated Users group to Modify and the share permissions to

  Contributer

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 31

  You have a file server that runs Windows Server 2008. A user restores a large file by using the Previous

  Versions tab.

  You need to view the progress of the file restoration. What should you do?

  A. From the command prompt, run shadow.exe /v

  B. From the command prompt, run vssadmin.exe query reverts

  C. From Computer Management, click on the Shared Folders node and then click on Sessions.

  D. From Computer Management, click on the Shared Folders node and then click on Open Files.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 32

  Your company has a server named Server1 that runs Windows Server 2008. The Windows Backup and

  Restore utility is installed on Server1. Server1 fails. You install a new server named Server2 that runs

  Windows Server 2008. You need to restore the companys Windows SharePoint Services (WSS) site to

  Server2 What should you do?

  A. Use Wbadmin to restore the system state from backup

  B. Run Wbadmin with the Get Versions option. Install WSS

  C. Run Wbadmin with the Start Recovery option. Install WSS

  D. Use Wbadmin to restore the application and the sites from backup

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 33

  You have a file server that runs Windows Server 2008. You configure quotas on the server. You need to

  view each users quota usage on a per folder basis. What should you do?

  A. From File Server Resource Manager, create a File Screen

  B. From File Server Resource Manager, create a Storage Management report.

  C. From the command prompt, run dirquota.exe quota list.

  D. From the properties of each volume, review the Quota Entries list.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 34

  Your network consists of a single Active Directory domain. All servers run Windows Server 2008. You have

  a server named Server1 that hosts shared documents. Users report extremely slow response times when

  they try to open the shared documents on Server1. You log on to Server1 and observe real-time data

  indicating that the processor is operating at 100 percent of capacity. You need to gather additional data to

  diagnose the cause of the problem. What should you do?

  A. In the Performance console, create a counter log to track processor usage.

  B. In Event View, open and review the application log for Performance events.

  C. In Windows Reliability and Performance Monitor, use the Resource View to see the percentage of

  processor capacity used by each application.

  D. In Windows Reliability and Performance Monitor, create an alert that will be triggered when processor

  usage exceeds 80 percent for more than five minutes on Server1.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 35

  Your company has a main office and a branch office. The branch office has three servers that run a Server

  Core installation of Windows Server 2008. The servers are named Server1, Server2, Server3. You want to

  configure the Event Logs subscription on Server1 to collect events from Server2 and Server3. You discover

  that you cannot create a subscription on Server1 from another computer. You need to configure a

  subscription on Server1. which two actions should you perform? (Each correct answer presents part of the

  solution. Choose two.)

  A. Run the wecutil cs subscription.xml command on Server1

  B. Run the wevutil im subscription.xml command on Server1

  C. Create an event collector subscription configuration file. name the file subscription.xml

  D. Create a custom view on Server1 by using Event View. Export the custom view to a file named

  subscription.xml

  Answer: AC

  Section: (none)

  Explanation/Reference:

  QUESTION 36

  You have two servers that run Windows Server 2008 named Server1 and Server2. You install WSUS on

  both servers. You need to configure WSUS on Server1 to receive updates from Server2. What should you

  do on Server1?

  A. Configure a proxy server

  B. Configure a upstream server

  C. Create a new replica group

  D. Create a new computer group

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 37

  Your company has a network that has 100 servers. A server named Server1 is configured as a file server.

  Server1 is connected to a SAN and has 15 logical drives. You want to automatically run a data archiving

  script if the free space on any of the logical drives is below 30 percent. You need to automate the script

  execution. You create a new Data Collector Set. What should you do next?

  A. Add the Event trace data collector

  B. Add the Performance counter alert

  C. Add the Performance counter data collector

  D. Add the System configuration data collector

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 38

  You install WSUS on a server that runs Windows Server 2008. You need to ensure taht the traffic between

  the WSUS administrative website and the server administrators computer is encrypted. What should you

  do?

  A. Configure SSL encryption on the WSUS server website.

  B. Run the netdom trust /SecurePasswordPrompt command on the WSUS server

  C. Configure the NTFS permissions on the content directory to Deny Full Controll permission to the

  Everyone group

  D. Configure the WSUS server to require Integrated Windows Authentication (IWA) when users connect to

  the WSUS server.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 39

  You perform a security audit of a server named DC1. You install the Microsoft Network Monitor 3.0

  application on DC1. You plan to capture all the LDAP traffic that comes to and goes from the server

  between 20:00 and 07:00 the next day and save it to the e:\data.cap file. You create a scheduled task. You

  add a new Start a program action to the task. You need to add the application name and the application

  arguments to the new action. What should you do?

  A. Add nmcap.exe as the application name. Add the /networks * /capture LDAP /file e:\data.cap /stopwhen /

  timeafter 11hours line as arguments

  B. Add netmon.exe as the application name. Add the /networks */capture LDA /file e:\data.cap /stopwhen /

  timeafter 11hours line as arguments

  C. Add nmcap.exe as the application name. Add the /networks * /capture !LDAP /file e:\data.cap /

  stopwhen /timeafter 11hours line as arguments

  D. Add nmconfig.exe as the application name. Add the /networks */capture &LDAP /file e:\data.cap /

  stopwhen /timeafter 11hours line as arguments.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 40

  You perform a security audit on a server named Server1. You install the Microsoft Network Monitor 3.0

  application on Server1. You find taht only some of the captured frames dsplay host mnemonic names in the

  Source column and the Destination column. All other frames display IP addresses. You need to display

  mnemonic host names instead of IP addresses for all the frames what should you do?

  A. Create a new display filter and apply the filter to the capture

  B. Create a new capture filter and apply the filter to the capture

  C. Populate the Aliases table and apply the aliases to the capture

  D. Configure the Network Monitor Application to enable the Enable Converstations option,. Recapture the

  data to a new file.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 41

  Your company has a main office and 15 branch offices. The company has a single Active Directory domain.

  All servers run Windows Server 2008.

  You need to ensure that the VPN connections between the main office and the branch offices meet the

  following requirements:

  All data must be encrypted by using end-to-end encryption.

  The VPN connection must use computer-level authentication

  User names and passwords cannot be used for authentication.

  What should you do?

  A. Configure an IPsec connection to use tunnel mode and preshared key authentication.

  B. Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.

  C. Configure a L2TP/IPsec connection to use the EAP-TLS authentication

  D. Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 42

  Your corporate network has a member server named RAS1 that runs Windows Server 2008. You configure

  RAS1 to use the Routing and Remote Access Service (RRAS) The companys remote access policy allows

  members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees.

  You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection. What

  should you do?

  A. Install the Network Policy Server (NPS) on the RAS1 server

  B. Create a remote access policy that requires users to authenticate by using SPAP

  C. Create a remote access policy that requires users to authenticate by using EAP-TLS

  D. Create a remote access policy that requires users to authenticate by using MS-CHAP v2

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 43

  Network Access Protection (NAP) is configured for the corporate network. Users connect to the corporate

  network by using portable computers. The company policy required confidentiality of data when the data is

  in transmit between the portable computers and the servers. You need to ensure that users can access

  network resources only from computers that comply with the company policy. What should you do?

  A. Create an IPsec Enforcement Network policy

  B. Create an 802.1X enforcement network policy

  C. Create a wired network (IEEE 802.3) Group Policy

  D. Create an Extensible Authentication Portocol (EAP) Enforcement Network Policy

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 44

  Your company has a single Active Directory domain and an enterprise root certifficate authority. The

  company plans to use Network Access Protection (NAP) to protect the VPN connections.

  You build two servers named NPS1 and VPN1. You configure the following functions on the two servers as

  shown in the following table.

  You need to ensure that the system health policy is applied to all client computers that attempt VPN

  connections.

  What should you do?

  A. Reconfigure NPS1 as a radius client

  B. Reconfigure VPN1 as a radius client

  C. Add the NAP role to a domain controller

  D. Add the NAP role to an Enterrpise Certificate server.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 45

  Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP)

  deployed on the network. You need to ensure that NAP policies are enforced on portable computers that

  use a wireless connection to access the network. What should you do?

  A. Configure all access points to use 802.1X authentication

  B. Configure all protable computers to use MS-CHAP v2 authentication

  C. Use the Group Policy Management Console to access the wireless group policy settings, and enable the

  Prevent connections to ad-hoc networks option.

  D. Use the Group Policy Management Console to access the wireless group policy settings, and disable the

  Prevent connections to infrastructure networks option.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 46

  Your company has a single Active Directory domain. The domain has servers that run Windows Server

  2008. you have a server named NAT1 that functions as a NAT server. You need to ensure that

  administrators can access a server named RDP1 by using Remote Desktop Protocol (RDP). What should

  you do?

  A. Configure NAT1 to forward port 389 to RDP1

  B. Configure NAT1 to forward port 1432 to RDP1

  C. Configure NAT1 to forward port 3339 to RDP1

  D. Configure NAT1 to forward port 3389 to RDP1

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 47

  Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP)

  deployed on the network. You need to configure the wireless network to accept smart cards. What should

  you do?

  A. Configure the wireless network to use WPA2, PEAP and MSCHAP v2

  B. Configure the wireless network to use WPA2, 802.1X authentication and EAP-TLS

  C. Configure the wireless network to use WEP, 802.1X authentication, PEAP, and MSCHAP v2

  D. Configure the wireless network to use WPA, PEAP, and MSCHAP v2 and also require strong user

  passwords

  Answer: B

  Section: (none)

  Explanation/Reference:

  Remember EAP-TLS - Authentication without usernames and password.

  QUESTION 48

  Your company has a single active directory domain. The company network is protected by a firewall.

  Remote users connect to your network through a VPN server by using PPTP. When the users try to connect

  to the VPN server, they receive the following error message: Error 721: The remote computer is not

  responding. You need to ensure that users can establish a VPN connection. What should you do?

  A. Open port 1423 on the firewall

  B. Open port 1723 on the firewall

  C. Open port 3389 on the firewall

  D. open port 6000 on the firewall

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 49

  Your company uses Network Access Protection (NAP) to enforce policies on client computers that connect

  to the network. Client computers run Windows Vista. A Group Policy is used to configure client computers to

  obtain updates from WSUS. Company policy requires that updates labeled important and Critical must be

  applied before client computers can access network resources. You need to ensure that client computers

  meet the company policy requirement. What should you do?

  A. Enable automatic updates on each client

  B. enable the Security Center on each client

  C. Quarantine clients that do not have all availible security updates installed

  D. Disconnect the remote connection until the required updates are installed.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 50

  You have a server that runs Windows Server 2008. You need to prevent the server from establishing

  communication sessions to other computers by using TCP port 25. What should you do?

  A. From Windows Firewall, add an exception

  B. From windows Firewall enable the block all incoming connections option

  C. From the Windows Firewall with Advanced Security snap-in, create an inbound rule

  D. From the Windows Firewall with Advanced Security snap-in, create an outbound rule.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 51

  You have a server that runs Windows Server 2008 You need to configure the server as a VPN server. What

  should you install on the server?

  A. Windows Deployment Services role and Deployment Server role service

  B. Windows Deployment Services role and Deployment transport role service

  C. Network Policy and Access services role and routing and remote access services role service

  D. Network Policy and access services and host credential authorization protocol role service

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 52

  You deploy a Windows Server 2008 VPN server behind a firewall. Remote users connect to the VPN by

  using portable computers taht run Windows Vista with the latest service pack. the firewall is configured to

  allow only secured Web communications. you need to enable remote users to connect as securely as

  possible. You must achieve this goal without opening any additional ports on the firewall. What should you

  do?

  A. Create an IPsec tunnel

  B. Create an SSTP VPN connection

  C. Create a PPTP VPN connection

  D. Create a L2TP VPN connection

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 53

  Your company has a domain controller named Server1 that runs Windows 2008 and the DNS server role. A

  server named Server2 runs Windows server 2003 and Microsoft Exchange Server 2007

  The company wants to deploy a new Exchange server named Server3 to receive all inbound e-mail traffic.

  You need to configure DNS to direct incoming e-mail traffic to the Exchange servers. You also need to

  ensure that higher priority is given to Server3.

  What should you do?

  A. Set the priority value of the Server2 Mail Exchanger (MX) record to 20. Create a new Mail Exchanger

  (MX) record for Server3. Set the priority value to 5

  B. Set the priority value of the Server2 Mail Exchanger (MX) record to 5. Create a new Mail Exchanger

  (MX) record for Server3. Set the priority value to 20

  C. Create a new Service Location (SRV) record in the domain for Server3. Set the port number value to 25.

  Configure the priority setting to 20.

  D. Create a new Service Location (SRV) record in the domain for Server3. Set the port number value to

  110. Configure the priority setting to 5.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 54

  Your company has a domain controller named Server1 that runs Windows Server 2008. Server1 has DNS

  Server server role installed.

  You need to configure the DNS server to resolve IP address to host names.

  Which record should you create?

  A. Pointer (PTR)

  B. Host Info (HINFO)

  C. Service Location (SRV)

  D. Canonical Name (CNAME)

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 55

  You work as the IT professional in an international company which is named Wiikigo. You are experienced

  in implementing and administering a network operating system. You are specialized in configuring IP

  Addressing and Services, configuring name resolution and network access and so on. You are in charge of

  a domain controller that runs Windows Server 2008 and the DNS Server server role. The DNS server hosts

  an Active Directory-integrated zone for your domain. You need to provide a user with the ability to manage

  records in the zone. But the user must not be able to modify the DNS server settings.

  So what action should you perform?

  A. The user permissions on the zone should be granted.

  B. The user permissions on the DNS server should be granted.

  C. The user should be added to the DNSUpdateProxy Global security group.

  D. The user should be added to the DNSAdmins Domain Local security group.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 56

  You work as the IT professional in an international company which is named Wiikigo. You are experienced

  in implementing and administering a network operating system. You are specialized in configuring IP

  Addressing and Services, configuring name resolution and network access and so on. Your company is

  designing its network. The network will use an IPv6 prefix of 2001:DB8:BBCC:0000::/53. You have to

  identify an IPv6 addressing scheme that will support 2000 subnets.

  Which network mask should you use?

  A. You should use /63

  B. You should use /64

  C. You should use /61

  D. You should use /62

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 57

  Your company has a main office and two branch offices that are connected by WAN links. The main office

  runs the DNS service on three domain controllers. The zone for your domain is configured as an Active

  Directory-integrated zone.

  Each branch office has a single member server that hosts a secondary zone for the domain. The DNS

  servers in the branch offices use the main office DNS server as the DNS Master server for the zone. You

  need to minimize DNS zone transfer traffic over the WAN links. What should you do?

  A. Decrease the Retry Interval setting in the Start of Authority (SOA) record for the zone

  B. Decrease the Refresh Interval setting in the Start of Authority (SOA) record for the zone

  C. Increase the Refresh Interval setting in the Start of Authority (SOA) record for the zone

  D. Disable the netmask ordering option in the properties of the DNS master server for the zone.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 58

  You have a DHCP server that runs Windows Server 2008. You need to reduce the size of the DHCP

  database. What should you do?

  A. From the DHCP snap-in, reconcile the database

  B. From the folder that contains the DHCP database, run jetpack.exe dhcp.db temp.mdb

  C. From the properties of the dhcp.mdb file, enabled the File is ready for archiving attribute.

  D. From the properties of the dhcp.mdb file, enable the Compress contents to save diskspace attribute

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 59

  Your company has 10 servers that run Windows Server 2008. The servers have RDP enabled for server

  administration. RDP is configured to use default security settings. All administrators computers run

  Windows Vista. you need to ensure the RDP connections are as secure as possible. Which two actions

  should you perform? (Each correct answer presents part of the solution. Choose two.)

  A. Set the security layer for each server to the RDP security Layer

  B. Configure the firewall on each server to block port 3389

  C. Acquire user certificates from the internal certificate authority

  D. Configure each server to allow connections only to Remote Desktop client computers that use Network

  Level Authentication.

  Answer: CD

  Section: (none)

  Explanation/Reference:

  QUESTION 60

  You have a server that runs Windows Server 2008 You need to configure the server as a VPN server. What

  should you install on the server?

  A. Windows Deployment Services role and Deployment Server role service

  B. Windows Deployment Services role and Deployment transport role service

  C. Network Policy and Access services role and routing and remote access services role service

  D. Network Policy and access services and host credential authorization protocol role service

  Answer: C

  Section: (none)

  Explanation/Reference:

  Exam B

  QUESTION 1

  Your company has an Active Directory forest. All domain controllers run the DNS server role. The company

  plans to decommission the WINS service. You need to enable forest-wide single name resolution. What

  should you do?

  A. Enable WINS-R lookup in DNS

  B. Create Service Locator (SRV) records for the single name resources

  C. Create an Active Directory-Integrated zone named LegacyWINS. Create host (A) records for the single

  name resources

  D. Create an Active Directory-integrated zone named GlobalNames. Create host (A) records for the single

  name resources

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 2

  Your company has a single domain named contoso.com. The contoso.com DNS zone is Active Directoryintegrated.

  Your partner company has a single domain named partner.com. The partner.com DNS zone is

  Active Directory-integrated. The IP Addresses of the DNS servers in the partner domain will change. You

  need to ensure name resolution for users in contoso.com to resources in partner.com on each DNS server

  in contoso.com. What should you do?

  A. Create a stub zone for partner.com on each DNS server in contoso.com

  B. Configure the zone replication scope for partner.com to replicate to all DNS servers in the forest

  C. Configure an application directory partition in the contoso.com forest. Enlist all DNS servers in the

  contoso.com forest in the partition

  D. Configure an application directory partition in the partner forest. Enlist all DNS servers in the partner

  forest in the partition.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 3

  Contoso Ltd. has a single Active Directory forest that has five domains. Each domain has two DNS servers.

  Each DNS server hosts Active Directory-integrated zones for all five domains. All domain controllers run

  windows server 2008. Contoso acquires a company names Tailspin Toys. Tailspin Toys has a single Active

  Directory forest that contains a single domain. You need to configure the DNS system in the Contoso forest

  to provide name resolution for resources in both forests. What should you do?

  A. Configure client computers in the Contoso forest to use the Tailspin Toys DNS server as the alternate

  DNS server

  B. Create a new conditional forwarder and store it in Active Directory. Replicate the new conditional

  forwarded to all DNS server in the Contoso forest.

  C. Create a new application directory partition in the Contoso forest. Enlist the directory partition for all DNS

  servers

  D. Create a new host (A) record in the GlobalNames folder on one of the DNS servers in the Contoso

  forest. Configure the host (A) record by using the Tailspin Toys domain name and the IP address of the

  DNS server in the Tailspin Toys forest.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 4

  Your company has an Active Directory domain named ad.contoso.com All client computers run Windows

  Vista. The company has recently acquired a company that has an Active Directory domain named ad.

  fabrikam.com. A two-way forest trust is established between the ad.fabrikam.com domain and the ad.

  contoso.com domain. You need to edit the ad.contoso.com domain Group Policy Object (GPO) to enable

  users in ad.contoso.com domain to access resources in the ad.frabrikam.com domain. What should you

  do?

  A. Configure the DNS suffix Search List option to ad.contoso.com, ad.fabrikam.com

  B. Configure the Allow DNS Suffix appending to Unqualified Multi-Label Name Queries option to True

  C. Configure the Primary DNS Suffix to ad.contoso.com, ad.fabrikam.com. configure the Primary DNS

  suffix Devolution option to True

  D. Configure the Primary DNS Suffix to ad.contoso.com, ad.fabrikam.com. configure the Primary DNS

  suffix Devolution option to False

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 5

  Your company has a main office and two branch offices that are connected by WAN links. The main office

  runs the DNS service on three domain controllers. The zone for your domain is configured as an Active

  Directory-integrated zone.

  Each branch office has a single member server that hosts a secondary zone for the domain. The DNS

  servers in the branch offices use the main office DNS server as the DNS Master server for the zone. You

  need to minimize DNS zone transfer traffic over the WAN links. What should you do?

  A. Decrease the Retry Interval setting in the Start of Authority (SOA) record for the zone

  B. Decrease the Refresh Interval setting in the Start of Authority (SOA) record for the zone

  C. Increase the Refresh Interval setting in the Start of Authority (SOA) record for the zone

  D. Disable the netmask ordering option in the properties of the DNS master server for the zone.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 6

  Your company has a main office and two branch offices. Domain controllers in the main office host an

  Active Directory-integrated zone. The DNS servers in the branch office host a secondary zone for the

  domain and use the main office DNS servers as their DNS master servers for the zone. The company adds

  a new branch office. You add a member server named Branch3 and install the DNS service on the server.

  You configure a secondary zone for the domain. The zone transfer fails. You need to configure DNS to

  provide zone data to the DNS server in the new branch office. What should you do?

  A. Run dnscmd using the ZoneResetMasters option

  B. Run dnscmd by using the ZoneResetSecondaries option

  C. Add the new DNS server to the Zone Transfers tab on one of the DNS servers in the main office

  D. Add the new DNs server to the DNSUpdateProxy Global security group in Active Directory Users and

  Computers

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 7

  Your company has a main office and a branch office. The main office has a domain controller named DC1

  that hosts a DNS primary zone. The branch office has a DNS server named SRV1 that hosts a DNS

  secondary zone. All client computers are configured to use their local server for DNS resolution. You

  change the IP address of an exisiting server named SRV2 in the main office. You need to ensure SRV1

  reflects the change immediately. What should you do?

  A. Restart the DNS Server service on DC1

  B. Run the dnscmd command by using the /zonerefresh option on DC1

  C. Run the dnscmd command by using the /zonerefresh option on SRV1

  D. Set the refresh interval to 10 minutes on the Start Of Authority (SOA) record.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 8

  Your company has a single Active Directory domain named contoso.com. All servers run Windows Server

  2008. You have a public DNS server named Server1, and an e-mail server named Server2. Client

  computers outside the company domain are unable to send e-mail messages to contoso.com You verify

  that the host (A) DNS record for Server2 is availible to external client computers. You need to ensure

  Server2 can receive e-mail messages from external client computers. How should you configure the

  contoso.com DNS zone?

  A. Add a Mail Exchange (MX) record for Server2

  B. Add a Mailbox (MB) record for Server2. Set the Mailbox Host setting to Server2

  C. Add a Canonical (CNAME) record that maps Server2 to contoso.com

  D. Add a Service Locator (SRV) record for Server2. Set the Service field to _smtp. Set the Protocol field to

  _tcp. Set the Port Number to 25.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 9

  Your company has a single Active Directory domain. The company has a main office and three branch

  offices. The domain controller in the main office runs Windows 2008 Server and provides DNS for the main

  office and all of the branch offices.

  Each branch office runs Windows Server 2008. Users in the branch offices report that it takes a long time to

  access network resources. You confirm that there are no problems with WAN connectivity or bandwidth. you

  need to ensure that users in the branch offices are able to access network resources as quickly as possible.

  Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  A. Configure a standard primary zone in each of the branch offices

  B. Configure forwarders that point to the DNS server in the main office

  C. Configure a secondary zone in each of the branch offices that uses the main office DNS server as a

  master

  D. Install DNS Servers in each of the branch offices.

  Answer: CD

  Section: (none)

  Explanation/Reference:

  QUESTION 10

  Your company has a single Active Directory forest that has six domains. All DNS servers in the forest run

  Windows Server 2008. You need to ensure that all public DNS queries are channeled through a singlecaching-

  only DNS server.

  Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  A. Disable the root hints

  B. Enable BIND secondaries

  C. Configure a forwarder to the caching DNS server

  D. Configure a GlobalNames host (A) record for the hostname of the caching DNS server

  Answer: AC

  Section: (none)

  Explanation/Reference:

  QUESTION 11

  Your company has a server named Server1 that runs a Windows Server 2008 Core Installation, and the

  DNS server role. Server1 has one network interface named Local Area Connection. The static IP address of

  the network interface is configured as 10.0.0.1. You need to create a DNS zone named local.contoso.com

  on server1. Which command should you use?

  A. ipconfig /registerdns:local.contoso.com

  B. dnscmd Server1 /ZoneAdd local.contoso.com /DSPrimary

  C. dnscmd Server1 /ZoneAdd local.contoso.com /Primary /file local.contoso.com.dns

  D. netsh interface ipv4 set dnsserver name=local.contoso.com static 10.0.0.1 primary

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 12

  Your company has a single Active Direcotry forest that has a domain in North America named na.contoso.

  com and a domain in south America named sa.contoso.com. The client computers run Windows Vista. You

  need to configure the client computers in North America offce to improve the name resolution response time

  for reosurces in the South Ameirca office. What should you do?

  A. Configure a new GPO that disables the Local-Link Multicast Name Resolution feature. Apply the policy

  to all the client computers int he north america office.

  B. Configure a new GPO that enables the Local-Link Multicast Name Resolution feature. apply the policy to

  all the client computers in the North America office.

  C. Configure a new GPO that configures the DNS suffix search list option to sa.contoso.com, na.contoso.

  com apply the policy to all the client computers in the North America Office

  D. Configure the priority value for the SRV records on each of the North America domain controllers to 5.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 13

  Your company uses Active Directory integrated DNS. Users require access to the internet. You run a

  network capture. You notice the DNS server is sending DNS name resolution queries to a server named f.

  root-servers.net.You need to prevent the DNS server from sending queries to f.root-servers.net The server

  must be able to resolve names for internet hosts. Which two actions should you perform? (Each correct

  answer provides part of the solution. Choose two)

  A. Enable forwarding to your ISPs DNS servers.

  B. Disable the root hints on the DNS server

  C. Disable the netmask ordering option on the DNS server

  D. Configure Reverse Lookup zones for the IP subnets on the network

  Answer: AB

  Section: (none)

  Explanation/Reference:

  QUESTION 14

  Your company has a domain controller that runs Windows Server 2008 and the DNS role. The DNS domain

  is named contoso.com You need to ensure that inquries about contoso.com are sent to

  dnsadmin@contoso.com What should you do?

  A. Create a signature (SIG) record for the domain controller

  B. Modify the Name Server (NS) record for the domain controller

  C. Modify the Service Locator (SRV) record for the domain controller

  D. Modify the Start of Authority (SOA) record ont he domain controller

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 15

  Your network consists of a single Active Directory domain. The domain contains a server named Server1

  that runs Windows Server 2008. All client computers run Windows Vista. All computers are members of the

  Active Directory domain. You assign the Secure Server (Require Security) IPsec policy to Server1 by using

  a GPO. Users report that they fail to connect to Server1. You need to ensure that users can connect to

  Server1. All connections to Server1 must be encrypted. What should you do?

  A. Restart the IPsec Policy Agent service on Server1

  B. Assign the Client (Respond Only) IPsec policy to Server1

  C. Assign the Server (Request Security) IPsec policy to Server1

  D. Assign the Client (Respond Only) IPsec policy to all client computers.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 16

  Your company has computers in multiple locations that use IPv4 and IPv6. Each location is protected by a

  firewall that performs symmetric NAT. You need to allow peer-to-peer communication between all locations.

  What should you do?

  A. Configure dynamic NAT on the firewall

  B. Configure the firewall to allow the use of Teredo

  C. Configure a link local IPv6 address for the internal interface of the firewall

  D. Configure a global IPv6 address for the external interface of the firewall

  Answer: B

  Section: (none)

  Explanation/Reference:

  Look up Teredo very interesting - worth the Enquiry

  QUESTION 17

  Your company has servers that run Windows Server 2008. All client computers run Windows XP Service

  Pack 2 (SP2). Windows 2000 Professional, or Windows Vista. You need to ensure all computers can use

  the IPv6 protocol. What should you do

  A. Install Serivce Pack 4 on all Windows 2000 Professional computers

  B. Upgrade the Windows 2000 professional computers to Windows XP SP2

  C. Run the IPv6.exe tool on the Windows 2000 Professional and Windows XP computers

  D. Install Active Directory Client extention (DSClient.exe) on the Windows 2000 Professional and Windows

  XP computers.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 18

  Your company has a single Active Directory domain. All servers run Windows Server 2008. The company

  network has servers that perform as Web Servers. All confidential files are located on a server named

  FSS1. The company security policy states that all confidential data must be transmitted in the most secure

  manner. When you monitor the network you notice that the confidential files stored on FSS1 server are

  being transmitted over the network without encryption. You need to ensure that encryption is always used

  when the confidential files on the FSS1 server are transmitted over the network. What are two possible

  ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

  A. Deactivate all LM and NTLM authentication methods on FSS1 server

  B. Use IIS to publish the confidential files, activate SSL on the IIS server, and then open the files as a web

  folder

  C. Use IPsec encryption between the FSS1 server and the computers of the users who need to access the

  confidential files.

  D. Use the Server Message Block (SMB) signing between the FSS1 server and the computers of the users

  who want to access the confidential files.

  E. Activate offline files for the confidential files that are stored on the FSS1 server. In the Folder Advanced

  Properties box, select the Encrypt contents to secure data optiion

  Answer: BC

  Section: (none)

  Explanation/Reference:

  QUESTION 19

  You have a DHCP server that runs Windows Server 2008. You restore the DHCP database by using a

  recent backup. You need to prevent DHCP clients from receiveing IP addresses that are currently in use on

  the network. What should you do?

  A. Add the DHCP server option 15

  B. Add the DHCP server option 44

  C. Set the Conflict Detection value to 0

  D. Set the Conflict Detection value to 2

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 20

  Your company has an Active Directory domain. A server named Server1 runs the Network Access Policy

  server role. You need to disable IPv6 for all connections except for the tunnel interface and the IPv6

  Loopback interface. What should you do?

  A. Run the netsh ras ipv6 set command

  B. Run the netsh interface ipv6 delete command

  C. Run ipv6.exe and remove the IPv6 Protocol

  D. From the Local Area Connection Properties, uncheck Internet Protocol Version 6 (TCP/IPv6)

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 21

  Your company has a single Active Directory domain. The domain runs at the functional level of Windows

  Server 2003. You install the DHCP service on a server named DHCP1. You attempt to start the DHCP

  service, but it does not start. You need to ensure that the DHCP service starts. What should you do?

  A. Restart DHCP1

  B. Configure a scope on DHCP1

  C. Activate the scope on DHCP1

  D. Authorize DHCP1 in the Active Directory domain

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 22

  Your company has an IPv6 Ethernet network.

  A router named R1 connects your segment to the internet. A router named R2 joins your subnet with a

  segment named Private1. The Private1 segment has a network address of 10.128.4.0/26.

  Your computer named WKS2 required access to servers on the Private1 network.

  The WKS1 computer configuration in shown in the following table.

  The routers are configured as shown in the following table.

  WKS1 is unable to connect to the Private1 network by using the current configuration.

  You need to add a persistent route for the Private1 network to the routing table on WKS1.

  A. Rout add -p 10.128.4.0/22 10.128.4.1

  B. Route add Cp 10.128.4.0/26 10.128.64.10

  C. Route add Cp 10.128.4.0 mask 255.255.255.192 10.12.64.1

  D. Route add Cp 10.128.64.10 mask 255.255.255.192 10.128.4.0

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 23

  You have a DHCP server that runs Windows Server 2008. You need to reduce the size of the DHCP

  database. What should you do?

  A. From the DHCP snap-in, reconcile the database

  B. From the folder that contains the DHCP database, run jetpack.exe dhcp.db temp.mdb

  C. From the properties of the dhcp.mdb file, enabled the File is ready for archiving attribute.

  D. From the properties of the dhcp.mdb file, enable the Compress contents to save diskspace attribute

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 24

  You configure a new file server that runs Windows Server 2008. Users access shared files on the file

  server.

  Users report that they are unable to access the shared files.

  The TCP/IP properties for the file server are configured as shown in the following exhibit.

  You need to ensure that users are able to access the shared files.

  How should you configure the TCP/IP properties in the file server?

  Exhibit:

  A. Configure a static IP address

  B. Configure the default gateway

  C. Configure the DNS server address

  D. Add the domain to the DNS suffix on the network interface

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 25

  Your company uses DHCP to lease IPv4 addresses to computers at the main office. A WAN link connects

  the main office to a branch office. All computers in the branch office are configured with static IP addresses.

  The branch office does not use DHCP and uses a different subnet. You need to ensure that the portable

  computers can connect to network resources at the main office and the branch office. How should you

  configure each portable computer?

  A. Use a static IPv4 address in the range used at the branch office.

  B. Use an alternate configureation that contains a static IP address in the range used at the main office

  C. Use the address that was assigned by DHCP as a static IP address

  D. Use an alternate configuration that contains a static IP address in the range used at the branch office.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 26

  You have a DHCP server named Server1 and an application server named Server2. Both servers run

  Windows Server 2008. The DHCP server contains one scope. you need to ensure that server2 always

  receives the same IP address. Server2 must receive its DNS settings and its Wins settings from DHCP.

  What should you do?

  A. Create a multicast scope

  B. Assign a Static IP address to Server2

  C. Create an exclusion range in the DHCP scope

  D. Create a DHCP reservation in the DHCP scope.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 27

  Your network contains a server that runs Windows Server 2008. The server has the Network Policy Server

  (NPS) service role installed. You need to allow only members of a global group named Group1 VPN access

  to the network. What should you do?

  A. Add Group1 to the RAS and IAS Servers Group

  B. Add Group1 to the Network Configuration Operators group

  C. Create a new network policy and define a group-based connection for Group1. Set the access

  permission of the policy to Access granted. Set the processing order of the policy to 1

  D. Create a new network policy and define a group-based condition for Group1. Set the access permission

  of the policy to Access Granted. Set the processing of the policy to 3.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 28

  Your network contains one Active Directory domain. You have a member server named Server1 that runs

  Windows Server 2008. The server has the Routing and Remote Acecss role service installed. You

  implement Network Access Protection (NAP) for the domain. You need to configure the Point-to-Point (PPP)

  authentication method on Server1. Which autnetication method should you choose?

  A. Challenge Handshake Authentication Protocol (CHAP)

  B. Extensible Authentication Protocol (EAP)

  C. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

  D. Password Authentication Protocol (PAP)

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 29

  Your network contains one Active Directory domainl. You have a member server that runs Windows Server

  2008. You need to immediately disable all incoming connections to the server. What should you do?

  A. From the Services snap-in disable the IP Helper

  B. from the Services snap-in disable the Net Logon Service

  C. From Windows Firewall, enable the Block all connections option on the Public Profile

  D. From the Windows Firewall, enable the Block all connections option on the Domain Profile

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 30

  Your company has deployed Network Access Protection (NAP) enforcement for VPNs. You need to ensure

  that the health of all clients can be monitored and reported. What should you do?

  A. Create a Group Policy object (GPO) that enabled Security Center and link the policy to the domain.

  B. Create a Group Policy object (GPO) that enabled Security Center and link the policy to the Domain

  Controllers organizational unit (OU)

  C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to

  Enabled. Link the Policy to the domain.

  D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to

  Enabled. Link the Policy to the Domain Controllers organizational unit (OU)

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 31

  Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP)

  deployed on the network. You need to configure the wireless network to accept smart cards. What should

  you do?

  A. Configure the wireless netwotk to use WPA2, PEAP, and MSCHAP v2

  B. Configure the wireless netwotk to use WPA2, 802.1X authentication and EAP-TLS

  C. Configure the wireless netwotk to use WEP, 802.1X authentication, PEAP, and MSCHAP v2

  D. Configure the wireless netwotk to use WPA, PEAP, and MSCHAP v2 and also require strong user

  passwords.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 32

  Your company has 10 servers that run Windows Server 2008. The servers have RDP enabled for server

  administration. RDP is configured to use default security settings. All administrators computers run

  Windows Vista. you need to ensure the RDP connections are as secure as possible. Which two actions

  should you perform? (Each correct answer presents part of the solution. Choose two.)

  A. Set the security layer for each server to the RDP security Layer

  B. Configure the firewall on each server to block port 3389

  C. Acquire user certificates from the internal certificate authority

  D. Configure each server to allow connections only to Remote Desktop client computers that use Network

  Level Authentication.

  Answer: CD

  Section: (none)

  Explanation/Reference:

  QUESTION 33

  Your company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP)

  deployed on the network. You need to ensure that NAP policies are enforced on portable computers that

  use wireless connection to access the network. What should you do?

  A. Configure all access points to use 802.1X authentication

  B. Configure all portable computers to use MS-CHAP v2 authentication

  C. Use the Group Policy Management Console to access the wireless Group Policy settings, andenable the

  Prevent connections to ad-hoc networks option

  D. Use the Group Policy Management Console to access the wireless Group Policy settings, and disable

  the Prevent connections to infrastructure networks option

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 34

  You deploy Windows Server 2008 VPN server behind a firewall. Remote users connect to the VPN by using

  portable computers that run Windows Vista with the latest service pack. The firewall is configured to allow

  only secured web communications. You need to enable remote users to connect as securely as possible.

  you must achieve this goal without opening any additional ports on the firewall. What should you do?

  A. Create an IPsec tunnel

  B. Create an SSTP VPN connection

  C. Create a PPTP VPN connection

  D. Create an L2TP VPN connection

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 35

  Your company has users who connect remotely to the main office though a Windows Server 2008 VPN

  server. You need to ensure that users cannot access the VPN server remotely from 22:00 to 05:00. What

  should you do?

  A. Create a network policy for VPN connections. modify the Day and time restrictions.

  B. Create a network policy for VPN connections. apply an ip filter to deny access to the corporate network.

  C. Modify the Logon hours for all users objects to specify only the VPN server otn he computer restrictions

  option

  D. Modify the Logon hours for the default domain policy to enable the Force logoff when logon hours expire

  option,.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 36

  You have a server that runs Windows Server 2008. You need to configure the server as a VPN server.

  What should you installed on the server?

  A. Windows Deployment Serivces role and Deployment Server role service

  B. Windows Deployment Services role and Deployment Transport Role Service

  C. Network Policy and Access Services role and Routing and Remote Access Services role service.

  D. Network Policy and Access Services role and Routing and Host Credential Authorization Protocolr ole

  service.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 37

  Your company has deployed Network Access Protection (NAP). You configure secure wireless access to

  the network by using 802.1x authentication from any access point. You need to ensure that all client

  computers that access the network are evaluated by NAP what should you do?

  A. Configure all access points as RADIUS clients to the Remediation Servers

  B. Configure all access points as RADIUS clients to the Network Policy Server (NPS)

  C. Create a Network Policy that defines Remote Access Server as a network connection method

  D. Create a Network Policy that specifies EAP-TLS as the only availible authentication method.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 38

  Your companys corporate network uses Network Access Protection (NAP). Users are able to connect to the

  corporate network remotely. You need to ensure that data transmissions between remote client computers

  and the corporate network are as secure as possible. What should you do?

  A. Apply an IPsec NAP policy.

  B. Configure a NAP Policy for 802.1x Wireless connections

  C. Configure VPN connections to use MS-CHAP v2 authentication

  D. Restrict Dynamic Host Configuration Protocol (DHCP) clients by using NAP

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 39

  Your company has a main office and one branch office. The main office has a print server named Printer1.

  The branch office has a print server named Printer2. Printer1 manages 15 pritners and Printer2 manages

  seven printers. You add Printer2 the Print Management console on Printer1. you need to send automatic

  notification when a printer is not availible. What should you do?

  A. Configure an e-mail notification fo the printers with jobs printer filter

  B. Configure an e-mail notification for the printers not ready printer filter

  C. enable the show informational notifications for local printers option on both print servers

  D. enable the show informationa notificcations for network printers option on both print servers

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 40

  Your company has a server named FS1. FS1 hosts the domain-based DFS namespace named \\contoso.

  com\dfs all domain users store their data in subfolders within the DFS namespace. You need to prevent all

  users except administrators, from creating new folders or new files at the root of the \\contoso.com\dfs

  share. What should you do?

  A. Run the dnscmd.exe \\FS1\dfs /restore command on FS1

  B. Configure the NTFS permissions for the C:\DFSroots\dfs folder on FS1. Set the create folders/append

  data special permission to Deny for the Authenticated Users group. Set the full control permission to

  allow for the administrators group

  C. Start the delegate management permissions wizard for the dfs namespace named \\contoso.com\dfs

  remove all groups that have the permission type explicit except the administrators group

  D. Configure the \\fs1\dfs shared folder permissions. Set the permissions for the authenticated users group

  to reader. set the permissions for the administrations group to co-owner.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 41

  You have a file server that runs Windows Server 2008. A user restores a large file by using the Previous

  Versions tab. You need to view the progress of the file restoration what should you do?

  A. From the command prompt, rum shadow.exe /v

  B. From the command prompt, run vssadmin.exe query reverts

  C. From Computer management, click on the shared folders node and then click on sessions

  D. From computer management, click on the shared folders node and then click on open files.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 42

  Your company has an active directory domain. The company also has a server named Server1 that runs

  Windows Server 2008.

  You install the file server role on Server1. you create a shared folder named AcctShare on Server1

  The permissions for the shared folder are configured as shown in the following table.

  You need to ensure members of the Managers group can only view and open files in the shared folder.

  What should you do?

  A. Modify the share permissions for the Managers group to Reader

  B. Modify the share permisisons for the Accounting Users group to Contributor

  C. Modify the NTFS permisisons for the Managers group to Modify

  D. Modify the NTFS permissions for the authenticated users group to modify and the share permissions to

  contributer.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 43

  You have a server that runs Windows Server 2008. you create a new quota template. you apply quotas to

  100 folders by using the quota template. you need to modify the quota settings for all 100 folders. You must

  achive this goal by using the minimum amount of administrative effort. What should you do?

  A. Modify the quota template

  B. Delte and recreate the quota template

  C. Create a new quota template. modify the quota for each folder

  D. Create a file screen template. Apply the file screen template to the root of the volume that contains the

  folders.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 44

  You manage a server that runs Windows Server 2008. The windows backup and restore utility is installed

  on the server. You need to create a full backup of all system state data to the DVD drive (R: drive) on the

  server. Which command should you run on the server?

  A. WBadmin enable backup -addtarget:R: /quiet

  B. Wbadmin enable backup -addtarget:C: /quiet

  C. Wbadmin start backup -allCritical -backuptarget:C: /quiet

  D. Wbadmin start backup -allCritical -backuptarget:R:/ quiet

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 45

  You have a file server that runs Windows Server 2008. The server has a shared folder. You need to receive

  a notifcation when a user stores more than 500MB of data in the shared folder. You must allow users to

  store more than 500MB of data in the shared folder. What should you do?

  A. Create a soft quota

  B. Create a hard quota

  C. create an active screening file screen

  D. create a passive screening file screen

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 46

  Your company has a network that has an active directory domain. The domain has two servers named DC1

  and DC2. You plan to collect events from DC2 and transfer them to DC1. You configure the required

  subscriptions by selecting the normal option for the event delivery optimiation setting and using the HTTP

  protocol. you discover that none of the subscritpions work. You need to ensure that the servers support

  event collectiors. which three actions should you perform? (Each correct answer presents part of the

  solution, Choose three.)

  A. Run the wecutil qc command on DC1

  B. Run the wecutil qc command on DC2

  C. Run the winrm quickconfig command on DC1

  D. run the winrm quickconfig command on DC2

  E. Add the DC2 account to the administrators group on DC1

  F. Add the DC1 account o the administrators group on DC2

  Answer: ADF

  Section: (none)

  Explanation/Reference:

  QUESTION 47

  Your company has an active directory domain that has two domain controllers named DC1 and DC2. You

  prepare both servers to support event subscriptions. On DC1, you create a new default subscription for

  DC2. You need to review system events for DC2. Which event log should you select?

  A. system log on DC1

  B. application log on DC2

  C. Forwarded Events log on DC1

  D. Forwarded Events log on DC2

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 48

  You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are

  initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all

  local traffic on CRM1 for 24hours. You save the capture file as data.cap. you find that the size of this file is

  more than 1GB. you need to create a file named DNSdata.cap from the existing capture file that contains

  only DNS -related data What should you do?

  A. apply the display filter !DNS and save the displayed frames as DNSdata.cap file

  B. Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file

  C. Add a new alisa named DNS to the aliases table and save the file as DNSdata.cap

  D. Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 49

  Your company has a network that has 100 servers. You install a new server that runs Windows Server

  2008. The server has the Web Server (IIS) role installed. You discover that the Reliability Monitor has no

  data, and that the system stablitiy share has never been updated. You need to configure the server to

  collect the reliability monitor data. What should you do?

  A. Run the perfmon.exe /sys command on the server

  B. Configure the Task scheduler service to start automatically

  C. configure the Remote Registry serice to start automatically

  D. configure the Secondary Login service to start automatically.

  Answer: B

  Section: (none)

  Explanation/Reference:

  QUESTION 50

  Your company has a server named DC1 that runs Windows Server 2008. DC1 has the DHCP server role

  installed.

  You find that a desktop computer named SALES4 is unable to obtain an IP configuration from the DHCP

  server.

  You install the Microsoft Network Monitor 3.0 application on DC1. You enable P-mode in the Network

  Monitor application configuration. You plan to capture only the DHCP server-related traffic between DC1

  and SALES4

  The network interface configuration for the two computers is shown in the following table.

  You need to build a filter in the Network Monitor application to capture the DHCP traffic between DC1 and

  SALES4

  Which filter should you use?

  A. IPv4 Address == 169.254.15.84 && DHCP

  B. IPv4 address == 192.168.2.1 && DHCP

  C. Ethernet Address == 0x000A5E1C7F67 && DHCP

  D. Ethernet Address == 0x001731D55EFF && DHCP

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 51

  You have 10 standalone servers that run Windows Server 2008. You install WSUS on a server named

  Server1. You need to configure all of the servers to receive updates from Server1 What should you do?

  A. configure the windows Update Settings on each server by using control panel

  B. Run the wuauclt.exe /detectnow command on each server

  C. Run the wuauclt.exe /reauthorization command on each server

  D. Configure the Windows Update settings on each server by using local group policy.

  Answer: D

  Section: (none)

  Explanation/Reference:

  QUESTION 52

  You install WSUS on a server that runs Windows Server 2008. You need to ensure that the traffic between

  the WSUS administrative web site and the server administrators computer is encrypted What should you

  do?

  A. Configure SSL encryption on the WSUS server website

  B. Run the netdom trust /SecurePasswordPrompt command on the WSUS server

  C. Configure the NTFS permissions on the content directory to Deny Full control permission to the

  Everyone group

  D. Configure the WSUS server to require integrated Windows authentication (IWA) hen users connect to

  the WSUS server.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 53

  Your company runs Windows Server Update Services (WSUS) on a server named Server1. Server1 runs

  Windows Server 2008. Server1 is located on the company intranet.

  You configure WSUS Web site to use SSL.

  You need to configure a Group Policy object (GPO) to specify the intranet update locations.

  Which URLs should you use?

  A. http://SERVER1

  B. http://SERVER1:8080

  C. https://SERVER1

  D. https://SERVER1:8080

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 54

  You work as the IT professional in an international company which is named Wiikigo. You are experienced

  in implementing and administering a network operating system. You are specialized in configuring IP

  Addressing and Services, configuring name resolution and network access and so on. Your company has a

  server named Printer A that runs Windows Server 2008. Printer A has the Print Services server role

  installed. You have to reduce the number of events registered in the system log on Printer A.

  So what action should you perform?

  A. After you open the Print Management console, you should open the properties of each individual printer

  on Printer A and clear the Enable advanced printing features option.

  B. After you open the Event Viewer console, a custom view for the system log should be created. Exclude

  the events that are notified by Event ID 10 from the filter.

  C. After you open the Print Management console, you should open the properties of Printer A and clear the

  Log spooler information events option.

  D. After you open the Print Management console, you should open the properties of Printer A and clear the

  Show informational notifications for network printers option.

  Answer: C

  Section: (none)

  Explanation/Reference:

  QUESTION 55

  Your company has an Active Directory domain. The company has a main office and a branch office. Both

  the offices have domain controllers that run Active Directory-integrated DNS zones. All client computers are

  configured to use the local domain controllers for DNS resolution. The domain controllers at the branch

  office location are configured as Read-Only Domain Controllers (RODC). You change the IP address of an

  exisiting server named SRV2 in the main office. You need the branch office DNS servers to reflect the

  change immediately. What should you do?

  A. Run the dnscmd /ZoneUpdateFromDs command on the branch office servers.

  B. Run the dnscmd /ZoneUpdateFromDs command on a domain controller in the main office.

  C. Change the domain controllers at the branch offices from RODCs to standard domain controllers.

  D. Decrease the Minimum (default) TTL option to 15 minutes on the Start of Authority (SOA) record for the

  zone.

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 56

  Your company has a domain with multiple sites. You have a domain-based DFS namespace called \

  \contoso.com\Management. The \\contoso.com\Management namespace hierachy is updated frequently.

  You need to configure the \\contoso.com\Management namespace to reduce the workload of the PDC

  emulator. What should you do?

  A. Enable the Optimize for scalibity option

  B. Enable the optimize for consistency option

  C. Set the Ordering method option to Lowest cost

  D. Set the Ordering method option to Random order

  Answer: A

  Section: (none)

  Explanation/Reference:

  QUESTION 57

  Your company uses Network Access Protection (NAP) to enforce policies on client computers that connect

  to the network. Client computers run Windows Vista. A Group Policy is used to configure client computers to

  obtain updates from WSUS. Company policy requires that updates labeled important and Critical must be

  applied before client computers can access network resources. You need to ensure that client computers

  meet the company policy requirement. What should you do?

  A. Enable automatic updates on each client

  B. enable the Security Center on each client

  C. Quarantine clients that do not have all availible security updates installed

  D. Disconnect the remote connection until the required updates are installed.

  Answer: C

  Section: (none)

  Explanation/Reference:

相关阅读
·推荐文章

Copyright ©2013-2015 江浙沪招生考试网 All Rights Reserved.
地址: 苏州市姑苏区阊胥路483号(工投创业园)  电话:0512-85551931 邮编: 214000 苏ICP备15050684号-2
邮箱: [email protected] 技术支持: 苏州迈峰教育科技 黔ICP备15012612号