Shared Flashcard Set

Details

Practice Exam
Windows Server 2008 Network Infrastructure
90
Computer Networking
Professional
08/18/2011

Additional Computer Networking Flashcards

 


 

Cards

Term
ABC.com has a forest with a domain named ABC.com. A server named ABC-SR05 is configured as the DNS server. During a routine security check you discover a number of outdated resource records in the ABC.com zone. You successfully set up the DNS service to do scavenging on ABC- SR05 but after a month ABC-SR05 was clogged up with the same stale resource records again.

 

What action should you take to take away all outdated resource records?

 

A. You should execute the dnscmd ABC-SR05 /AgeAllRecords command.

B. You should disable the DNS service on ABC-SR05 and manually start scavenging stale records.

C. You should execute the dnscmd ABC-SR05 /StartScavenging command.

D. You should enable the DNS scavenging utility on the us.ABC.com zone.

E. You should execute the dnscmd /zonerefresh command.

F. You should increase the Expires After setting of the Start of Authority (SOA) record.

Definition
Answer: D Explanation: You again noticed the same stale resource records still lay na.contoso.com even after enabled DNS scavenging on Server1 because the Server1 may not have na.contoso.com zone integrated with AD DS and loaded at the server. To ensure that the stale resource records are removed from na.contoso.com, you need to enable DNS scavenging on the na.contoso.com zone. The aging and scavenging can be configured for specified zones on the DNS server to make sure that the stale records are removed from the specified zone.
Term

You work as the enterprise administrator at ABC.com. The ABC.com network uses the public namespace ABC.com. All servers on the ABC.com network run Microsoft Windows Server 2008. The ABC.com CIO does not want user to have the ability to copy the public DNS zone records. You must make sure that the zone transfers are restricted to DNS servers that are listed in the Name Servers option without affecting the operation of the public name resolution. How will you comply with the CIO’s requirement?

 

A. Check the Service Locator (SRV) resource record enabled option on all ABC.com domain controllers.

B. Configure the priority value for the SRV records on all the domain controllers of us.ABC.com to 1.

C. Check the Allow zone transfers only to servers listed on the Name Servers option on ABC.com.

D. Uncheck the DNS scavenging option on the us.ABC.com zone.

Definition
Answer: C Explanation: To ensure that public DNS zone records cannot be copied without impacting the functionality of public DNS name resolutions, you need to configure the Allow zone transfers only to servers listed on the Name Servers option on ABC.com. This setting allows you to restrict zone transfers only to DNS servers listed in the Name Servers resource option on ABC.com.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers run Windows Vista. The ABC.com network has two Servers named ABC-SR05 and ABC-SR06. ABC-SR05 is a domain controller that is configured as DNS server. ABC-SR06 is configured to run a legacy application. You receive an instruction from the CIO to include parameters like Service, Weight Protocol, and Port number for the legacy application on ABC-SR05. What action should you take to accomplish this?

A. You must create a Host Info (HINFO) record on ABC-SR05.
B. You must create a Well-Known Service (WKS) record on ABC-SR05. C. You must create a Service Locator (SRV) record on ABC-SR05.
D. You must create a Pointer (PTR) resource record on ABC-SR05.
E. You must create a Start of Authority (SOA) record on ABC-SR05.
Definition
Answer: C
Explanation: Your best option in this scenario would be to create a Service Locator (SRV) record. To configure DNS on ABC-SR05 to include the parameters such as Service, Priority, Weight Protocol, Port number, and Host offering this service for the custom application, you need to configure Service Locator (SRV) records. An SRV record or Service record is a category of data in the Internet Domain Name System specifying information on available services. Service locator (SRV) resource record. Allows multiple servers providing a similar TCP/IP-based service to be located using a single DNS query operation. This record enables you to maintain a list of servers for a well-known server port and transport protocol type ordered by preference for a DNS domain name.
Term
You work as the network administrator at ABC.com. The ABC.com network has a forest with two
domains named us.ABC.com and uk.ABC.com.


All servers on the ABC.com network run Windows Server 2008 and all client computers run
Windows Vista. Users in the us.ABC.com zone complain that it takes a long time to access
resources in the uk.ABC.com zone.


What action should you take to reduce the resolution response times? (Each correct answer
presents part of the solution. Choose TWO.)


A. You should create and configure a GPO with DNS Suffix Search List option to uk.ABC.com,
us.ABC.com.
B. You should configure the priority value for the SRV records on all the domain controllers of
us.ABC.com to 5.
C. You should apply the policy to all user workstations in the us.ABC.com zone.
D. You should enable Scavenge Stale resource records in the Zone Aging /Scavenging Properties
dialog box of every workstation.
E. You should create and configure a GPO with the Local-Link Multicast Name Resolution feature
enabled.
F. You should execute the dnscmd /zonerefresh command on the workstations in uk.ABC.com.
Definition
Answer: A,C
Explanation:
To configure the user workstations in the us.ABC.com zone to improve the name resolution
response time for resources in the uk.ABC.com zone you need to configure a new GPO that
configures the DNS Suffix Search List option to us.ABC.com, us.ABC.com. Thereafter the policy
can be applied to all user workstations in the us.ABC.com zone.

A customized DNS suffix search lists to ensures that clients can locate services and other
computers when they perform single-label name queries.

Link-Local Multicast Name Resolution cannot be used because it allows IPv6 hosts on a single
subnet without a DNS server to resolve each other names. Therefore it need not be used here.
DNS SRV records cannot be used because they are the service records, which are a type of DNS
entry that specify information on a service available in a domain. They are typically used by clients
who want to know the location of a service within a domain. When multiple hosts are configured
for the same service, the priority determines which host is tried first.
Term
You are employed as the enterprise administrator at ABC.com. The ABC.com network has a
domain named ABC.com. ABC.com has a subsidiary company named TestLabs.com. The servers
on both domains are configured to run Windows Server 2008.


You are responsible for a ABC.com server named ABC-SR05. ABC-SR05 is a configured to run
the DNS server role. There is a server on the TestLabs.com network named TESTLABS-LR18
that is configured to run the DNS server role. ABC-SR05 contains a stub zone. The master for the
stub zone on ABC-SR05 is ABC-SR06. During routine monitoring you discover that ABC-SR06
has failed resulting in name resolution problems for ABC users connecting to the TestLabs.com

What action should you take to overcome this problem?


A. You must decrease the Minimum (default) TTL setting in the SOA record for the zone on
TESTLABS-LR18.
B. You must modify the stub zone to a secondary zone on ABC-SR05.
C. You must create a new Service Locator (SRV) record in the primary DNS zone on TESTLABS-
LR18.
Also create a new host (A) record for ABC-SR05.
D. You must enable DNS scavenging in the DNS zone on TESTLABS-LR18.
E. You must use a DNS forwarder on TESTLABS-LR18.
Definition
Answer: B
Explanation:
Users are not able to resolve names for testlabs.com because the master server has failed. To
ensure that users are able to resolve names for testlabs.com in such a scenario, you need to
change the stub zone to a secondary zone on ABC-SR05. This is because the primary name
server notifies the secondary zone server keeps an identical copy of the primary zone. Although it
contains read-only zone information, it can resolve names of the existing names.

You need to remove the stub zone because it requires the IP address of at least one DNS server
in the source domain to the DNS server hosting the stub zone. If this server goes down, then the
stub zone records eventually expire.
Term
You are employed as a network administrator at ABC.com. The ABC.com network has a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
computers run Windows Vista.


The ABC.com domain contains three Windows Server 2008 servers named ABC-SR05, ABC-
SR06 and ABC-SR07. ABC-SR05 and ABC-SR06 are configured as DNS servers while ABC-SR07 passes DNS requests on to ABC-SR06.


How can you configured to enable ABC-SR07 to be updated as soon as DNS records are updated
on ABC-SR06 ?


A. You should execute the ipconfig /flushdns command on all ABC.com client computers.
B. You should execute the dnscmd /clearcache command on ABC-SR07.
C. You should decrease the Retry Interval value of the Start of Authority (SOA) record of ABC.com
to 10 minutes in the DNS service.
D. You should increase the Expires After option of the Start of Authority (SOA) record to 10
minutes in the DNS service.
E. You should enable the DNS Client service on the all client computers in the zone.
Definition
Answer: B
Explanation:
To ensure that ABC-SR07 is able to resolve the updated DNS record immediately you need to run
the dnscmd . /clearcache command on ABC-SR07.

Both the DNS server and the local DNS resolver cache any records they receive for a period of
time determined by a TTL setting in the record. The SOA for the zone determines the default TTL,
which is one hour for Windows DNS servers. To ensure that server immediately finds the updated
record, you need to use the Clear Cache option in the server’s property menu in the DNS console
or use the Dnscmd utility with the syntax dnscmd /clearcache, so that less records needs to be
searched.
If you restart the DNS user workstations it will only clear the DNS client cache. This will not resolve
the problem and restore proper name resolution however the DNS server will still respond to query
the name of the workstation.
Term
You work as an enterprise administrator for ABC.com. The ABC.com network consists of a forest
with a domain named us.ABC.com. All servers on the ABC.com network run Windows Server2008.


You are responsible for a DNS server named ABC-SR10 that hosts numerous secondary zones of
which us.ABC.com is one.


What action should you take to have ABC-SR10 perform the function of a caching-only DNS
server?


A. You should have the DNS stub zones disabled on ABC-SR10 prior to re-enabling the DNS
service.
B. You should have the DNS service uninstalled on ABC-SR10 prior to re-installing the DNS
service.
C. You should configure DNS Scavenging on ABC-SR10.
D. You should modify the DNS zones on ABC-SR10 to standard primary zones.
E. You should re-configure the DNS service with one or more forwarders.
F. You should enable Zone Aging on ABC-SR10.
Definition
Answer: B
Explanation:
In order to reconfigure ABC-SR10 as a caching-only DNS server you need to disable and re-
enable the DNS service on ABC-SR10. Uninstalling and reinstalling DNS service will remove all
the previously configured data from ABC-SR10.
Term
You work as the network administrator at ABC.com. The ABC.com network has a forest that
contains four domains. All servers on the ABC.com network run Windows Server 2008. The
domain controllers are configured as DNS servers. All ABC.com users make use of a Web server
named ABC-SR02 to accomplish their daily tasks.


What action should you take to make sure that ABC.com users can access ABC-SR02 by using
Internet Explorer? (Each correct answer presents part of the solution. Choose THREE.)


A. By creating a GlobalNames zone on a DNS server.
B. By configuring ABC-SR02 in order to enable DFS-R on it.
C. By replicating the GlobalNames zone to all domains controllers in the ABC.com forest.
D. By creating a host (A) record for ABC-SR02 in the GlobalNames zone.
E. By creating a LegacyWINS zone on a DNS server.
F. By replicating the GlobalNames zone in the DNS zone for the forest root domain.
Definition
Answer: A,C,D
Explanation:
To ensure that users from all domains are able to access a ABC-SR02 by browsing to http: //Test
WebApp you need to create a zone named GlobalNames on a DNS server. Then GlobalNames
zone can be replicated to all domain controllers in the forest. Lastly a host (A) record can be
created for ABC-SR02 in the zone.

GlobalNames Zone (also known as GNZ) is designed to enable the resolution of the single-label,
static, global names for servers using DNS. GNZ is intended to aid the retirement of WINS, and it's
not a replacement for WINS. GNZ is not intended to support the single-label name resolution of
records that are dynamically registered in WINS, records which typically are not managed by IT
administrators.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com has its headquarters in Miami and a branch office in Toronto. IPv4
addressing is utilized at both offices.


During the course of the day you receive instruction from ABC.com to travel to the Toronto office
and deploy an additional server named ABC-SR06.


What action should you take to configure Routing and Remote Access on ABC-SR06?


A. You should have ABC-SR06 configured with the Routing and Remote Access role.
Then you should execute the netsh command with the interface ipv4 enable parameter.
B. You should have ABC-SR06 configured with the Routing and Remote Access role.
Then you should enable IPv4 Router Routing and Remote Access on ABC-SR06.
C. You should execute the netsh command with the interface ipv4 enable parameter on ABC-
SR06 prior to enabling Routing and Remote Access.
D. You should execute the netsh command with the ras ipv4 set access ALL parameter on ABC-
SR06.
Then you should have Router Routing and Remote Access enabled for IPv4 and IPv6.
Definition
Answer: B
Explanation:
To configure routing on the server at the branch office, you need to first install the Routing and
Remote Access role on the server and then enable the IPv4 Router Routing and Remote Access
option on the server
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com currently has their headquarters located in Miami. The ABC.com
network servers run Microsoft Windows Server 2008 and the client computers run Microsoft
Windows Vista.


You are preparing to deploy a computer named ABC-SR21 which is configured with the Network
Access Policy (NAP) server role. ABC.com wants you to have the tunnel interface and the IPv6
Loopback interface as the only connections running IPv6.


What action should you take?


A. You should execute the netsh interface ipv4 enable command on ABC-SR21.
B. You should consider clearing the Internet Protocol Version 6 (TCP/IPv6) checkbox in the Local
Area Connection Properties window.
C. You should execute the netsh internal interface ipv6 delete command on ABC-SR21.
D. You should consider disabling the IPv4 Routing and Remote Access option on ABC-SR21.
Definition
Answer: B
Explanation:
To disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback interface,
you need to uncheck Internet Protocol Version 6 (TCP/IPv6) from the Local Area Connection
Properties window.

This is because unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and
Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista
and Windows Server 2008 by doing one of the following: In the Network Connections folder, obtain
properties on all of your connections and adapters and clear the check box next to the Internet
Protocol version 6 (TCP/IPv6) components in the list.

This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on
tunnel interfaces or the IPv6 loopback interface.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. All ABC.com network servers run Microsoft Windows Server 2008.


ABC.com recently deployed three servers named ABC-SR02, ABC-SR03 and ABC-SR04 that are
configured with the DNS role and have static IP addresses. You are preparing to install a new
server named ABC-SR05 as the DHCP server.


What action should you take to stop ABC-SR05 from assigning the IP addresses assigned to
ABC-SR02, ABC-SR03 and ABC-SR04 to the client computers?


A. You should have ABC-SR05 configured with an exclusion that specifies the DNS servers’ IP
addresses.
B. You should have ABC-SR05 configured with an exclusion policy for the all DNS servers.
C. You should have ABC-SR05 configured with an exclusion that specifies the ABC-SR05 IP
address.
D. You should also have DNS server service role configured on ABC-SR05.
Definition
Answer: A
Explanation:
To prevent ABC-SR05 from assigning the addresses of the DNS servers to DHCP clients, you
need to configure an exclusion that contains the IP addresses of the four DNS servers. An
exclusion is an address or range of addresses taken from a DHCP scope that the DHCP server is
not allowed to hand out.
Term

You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com domain contains a computer that is configured to run the UNIX operating system as well as a member server named ABC-SR05. You are preparing to install the default Print Server role on ABC-SR05 and must make sure that all users run their print jobs through ABC-SR05 whether they are UNIX clients or Windows clients. You configure printing on ABC-SR05 to make use of Line Printer Remote Printing. What action should you take next? A. By enabling the File Server role and the Internet Printing server role on ABC-SR05. B. By executing the printbrm –r –r command on ABC-SR05. C. By installing the Line Printer Daemon (LPD) Services role service on ABC-SR05. D. By applying a restrictive Print permission in the Default Domain Policy.

Definition

Answer: C Explanation: To provide support to the UNIX users who print on ABC-SR05, you need to either install the Line Printer Daemon (LPD) Services role service on ABC-SR05 or configure the printers on ABC-SR05 to use Line Printer Remote printing. The Line Printer Daemon (LPD) Service installs and starts the TCP/IP Print Server (LPDSVC) service, which enables UNIX-based computers or other computers that are using the Line Printer Remote (LPR) service to print to shared printers on this server. You can use Print Services for UNIX to make your Windows computer work as a Line Printer Daemon (LPD) and Remote Line Printer client

Term
You work as an administrator at ABC.com. The ABC.com network has a domain named ABC.com.
All servers on the ABC.com network run Windows Server 2008.


You are responsible for managing a file server named ABC-SR05. ABC-SR05 is used by all
departments in order to store their files. ABC-SR05 contains a shared folder named SalesDocs that is used by the Sales department.


How can you guarantee that the Sales group members are able to only view and open files in
Sales?


A. By assigning the Modify permission to the Sales group in the Network Policy remote access
permissions.
B. By assigning the Read share permissions to the Sales group.
C. By assigning the Contributor in the Network Policy NTFS permissions to the Sales group.
D. By assigning the Contributor share permissions for the Sales group.
E. By assigning the Read NTFS permissions to the Sales group.
Definition
Answer: B
Explanation:
To ensure members of the Sales group can only view and open files in the shared folder, you
need to modify the share permissions for the Marketing group to Read.

NTFS permissions are associated with the object, so the permissions are always connected with
the object during a rename, move, or archive of the object.

Share permissions are only associated with the folder that is being shared. The share permissions
standard list of options is not as robust as the NTFS permissions. The share permissions only
provide Full Control, Change, and Read. Therefore you need to assign read permission.
Term
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers
run Windows Vista. The ABC.com network has a server named ABC-SR10 that hosts the
Windows SharePoint Services (WSS) site.


You are in the process of installing a new application on ABC-SR10. After the installation you
discover that ABC-SR10 has failed and stops responding. You must make sure that the WSS site
is restored to another server named ABC-SR11 after installing Windows Backup and Restore
facility.


What action should you take to solve the problem?

A. You should execute wbadmin /Start Recovery on the command line prior to installing the WSS
site.
B. You should execute vssadmin /Start Recovery on the command line prior to installing the WSS
site.
C. You should execute vssadmin /query reverts to restore the application and the sites from
backup prior to installing WSS site.
D. You should execute wbadmin /enable backup allCritical ?:/quiet command prior to installing the
WSS site.
Definition
Answer: A
Explanation:
To restore the company’s Windows SharePoint Services (WSS) site to ABC-SR11, you need to
run Wbadmin with the Start Recovery option and then install WSS on the Server.

The Start Recovery option will run a recovery of the volumes, applications, files, or folders
specified and will recover the application and sites. However, to run the WSS site, you need WSS
on ABC-SR11 and therefore you need to install WSS on it.
Term
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers
run Windows Vista.


The ABC.com network contains a file server named ABC-SR05 used by all ABC.com users to
store their information. In order to manage the server space you decide to configure quotas on
ABC-SR05.


What action should you take to display the quota usage of all users?


A. By reviewing the Quota Entries list from the properties of every volume.
B. By displaying a Storage Management report created from the File Server Resource Manager.
C. By using the logs in the Windows Reliability and Performance Monitor.
D. By using a File Screen created from the File Server Resource Manager.
Definition
Answer: B
Explanation: Explanation
To view quota usage of every user on a per folder basis, you need to create a Storage
Management report from File Server Resource Manager. File Server Resource Manager allows
you to create quotas to limit the space allowed for a volume or folder and generate notifications
when the quota limits are approached or exceeded. It also allows you to generate storage reports
instantly, on demand.

To manage storage resources on a remote computer, you can connect to the computer from File
Server Resource Manager. While you are connected, File Server Resource Manager will display
the objects created on the remote computer.
Term
You are employed as an enterprise administrator at ABC.com. The ABC.com network has a
domain named ABC.com. All servers on the ABC.com network run Windows Server 2008.


ABC.com contains a Web server named ABC-SR11 that hosts several third-party applications as
well as a shared folder with documents for the ABC.com employees. The ABC.com employees
report of unusual slow response times when using the documents in the shared folder. You open
Task Manager and discover that the CPU is working at full capacity.


What source should you use to obtain more information in resolving the problem?


A. The processor usage percentage for each application by using Windows Reliability and
Performance Monitor.
B. The System Monitor events log.
C. The Windows Reliability and Performance Monitor events log.
D. An alert that triggers when processor usage is more than 90 percent.
Definition
Answer: A
Explanation: Explanation
To gather additional data to diagnose the cause of the problem, you need to use the Resource
View in Windows Reliability and Performance Monitor to see the percentage of processor capacity
used by each application.
The Resource View window of Windows Reliability and Performance Monitor provides a real-time
graphical overview of CPU, disk, network, and memory usage. By expanding each of these
monitored elements, system administrators can identify which processes are using which
resources. In previous versions of Windows, this real-time process-specific data was only
available in limited form in Task Manager
Term
You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008.


ABC.com com contains three servers named ABC-SR14, ABC-SR15 and ABC-SR16 respectively.
You want to monitor ABC-SR15 and ABC-SR16 using the Event Logs subscription on ABC-SR14.


What action should you take to create a subscription on ABC-SR14?


A. You should execute the wecutil im subscription.xml command on ABC-SR14.
Then you should configure an additional server as an upstream server.
B. You should execute the wecutil cs subscription.xml command on ABC-SR14.
Then you should deploy subscription.xml as an event collector subscription configuration file.
C. You should execute the wecutil cs subscription.xml command on ABC-SR14.
You must configure ABC-SR14 as a downstream server.
D. You should execute the wecutil im subscription.xml command on ABC-SR14.
Then you should deploy the ForwardedEvents log in a custom view.
Then export the custom view to subscription.xml file on ABC-SR14.
Definition
Answer: B
Explanation:
To configure a subscription on ABC-SR14, you need to first create an event collector subscription configuration file and Name the file subscription.xml. You need to then run the wecutil cs
subscription.xml command on ABC-SR14.

This command enables you to create and manage subscriptions to events that are forwarded from
remote computers, which support WS-Management protocol. wecutil cs subscription.xml
command will create a subscription to forward events from a Windows Vista Application event log
of a remote computer at ABC.com to the ForwardedEvents log.
Term
You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008.


ABC.com contains two servers named ABC-SR22 and ABC-SR23 that are configured with WSUS.
The difference between the two WSUS servers is that only ABC-SR22 has the approved and
tested updates.


What action should you take to allow ABC-SR23 to get updates from ABC-SR22 only and not
directly from the Microsoft website?


A. By configuring ABC-SR22 as a proxy server.
B. By configuring ABC-SR23 as a proxy server.
C. By configuring ABC-SR22 as an upstream server.
D. By configuring ABC-SR23 as an upstream server.
E. By configuring ABC-SR23 as a backup for ABC-SR22.
F. By configuring ABC-SR22 as a downstream server.
Definition
Answer: C
Explanation:
To configure WSUS on ABC-SR22 so that the ABC-SR23 receives updates from ABC-SR22, you
need to configure ABC-SR22 as an upstream server. The WSUS hierarchy model allows a single
WSUS server to act as an upstream server and impose its configuration on those servers
configured as downstream servers below it.

A WSUS hierarchy supports two modes, autonomous mode and replica mode. In replica mode, the upstream server is the only WSUS server that downloads its updates from Microsoft Update. It
is also the only server that an administrator has to manually configure computer groups and
update approvals on. All information downloaded and configured on to an upstream server is
replicated directly to all of the devices configured as downstream servers.
Term
You work as an enterprise administrator at ABC.com. All servers on the ABC.com network run
Windows Server 2008.


ABC.com contains a WSUS server named ABC-SR25. The ABC.com security policy states that all
traffic on the corporate network should be encrypted.


What action should you take need to make sure that all connections to ABC-SR25 is compliant
with the security policy?


A. You should configure NTFS permissions on the ABC-SR25 specifying the Deny Full Control
permission to the Everyone group.
B. You should configure IPSec security on ABC-SR25.
C. You should configure ABC-SR25 to allow only MSCHAP v2 authentication for all connections.
D. You should configure SSL encryption on the ABC-SR25 administrative website.
E. You should configure ABC-SR25 with NTFS partitions for the administrative website.
F. You should configure IIS on the ABC.com domain.
Definition
Answer: D
Explanation: To ensure that the traffic between the WSUS administrative website and the server
administrator’s computer is encrypted, you need to configure SSL encryption on the WSUS server
website

Now that you have the necessary certificate, you must configure IIS to use it. To do so, expand the
Default Web Site in the IIS Manager console and then right click on the WSUSAdmin virtual
directory and select the Properties command from the resulting shortcut menu. You will now see
the properties sheet for the WSUSAdmin virtual directory. Select the properties sheet’s Directory
Security tab and then click the Edit button that’s found in the Secure Communications section.
Select the Require Secure Channel (SSL) check box and click OK, Apply, and OK.
Term
You are employed as an enterprise administrator at ABC.com. The ABC.com network has a
domain named ABC.com. All servers on the ABC.com network run Windows Server 2008.


ABC.com contains a domain controller named ABC-DC01 that runs Microsoft Network Monitor 3.0.
You have received instructions from the CEO to execute a security audit on ABC-DC01 without
impacting on the normal business day activities.


What action should you take to execute the audit between 22:00 and 07:00 the following day and
save it to the C:\LDAPData.cap file? (Choose THREE)


A. You should use netmon.exe as the application name.
B. You should use nmcap.exe as the application name.
C. You should use perfmonconfig.exe as the application name.
D. You should create a scheduled task and add “Start a program action” to the task.
E. You should provide the /networks */capture LDAP /file C:\LDAPData.cap /stopwhen /timeafter 9
hours as conditions.
F. You should provide the /networks * /capture LDAP /file C:\LDAPData.cap /stopwhen /timeafter 9
hours as arguments.
G. You should use sysmon.exe as the application name.
H. You should provide the /network */capture LDAP /file C:\LDAPData.cap /stopwhen /timebefore
10hours as parameters.
Definition
Answer: B,D,F
Explanation:
The “/network”, defines which network interface we are capturing on. In this case, we say “*” for all
interfaces. The next parameters “/capture /file %1” tells NMCap what to filter out. In this case it
tells to filter LDAP to C:\LDAPData.cap.

The last part of NMCap, the “/stopwhen” directive, that allows it to determine when NMCap should
stop capturing. So we pass it a “/frame” parameter which tells it to stop the capturing after 9 hours
and exit NMCap.
Term
You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008.


ABC.com contains a domain controller named ABC-DC01 that runs Microsoft Network Monitor 3.0.
You must conduct a security audit. During monitoring on ABC-DC01, while capturing data
inconsistencies with regard to mnemonic names and IP addresses in the display of certain
captured frames.


What action should you take to obtain a consistent display of mnemonic host names only?
(CHOOSE TWO)


A. By creating an exclusion policy using a filter.
B. By populating the Aliases table.
C. By creating a new capture filter.
D. By applying the filter to the capture in the audit.
E. By applying the aliases to the capture in the audit.
F. By enabling the Enable Conversations option.
G. By copying the captured data to an xml file.
Definition
Answer: B,E
Explanation:
To display mnemonic host names instead of IP addresses for all the frames, you need to populate
the Aliases table and apply the aliases to the capture. Aliases table display mnemonic host
names.
In cases where you’d like to see the real IP address and a resolved name exists, turning off the
aliases doesn’t show you the real IP address.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com has its headquarters located in Miami and branch office located in
Toronto. The ABC.com network servers are configured with Microsoft Windows Server 2008. The
ABC.com offices are connected via a Virtual Private Network (VPN) connection.
During the course of the day you receive instruction from ABC.com to ensure that the VPN
connection supports end-to-end encryption. ABC.com additionally wants you to ensure that
computer-level authentication is used which does not use user names or passwords.


What action should you take to comply with these requirements?


A. You must use a L2TP/IPsec connection with EAP-TLS authentication.
B. You must use a PPTP connection with MS-CHAP v2 authentication.
C. You must use a network policy that allows only Kerberos authentication.
D. You must use a L2TP/IPsec connection with MS-CHAP v2 authentication.
Definition
Answer: A
Explanation:
To ensure that the VPN connections between the main office and the branch offices meet the
given requirements, you need to configure a L2TP/IPsec connection to use the EAP-TLS
authentication.

L2TP leverages PPP user authentication and IPSec encryption to encapsulate and encrypt IP
traffic. This combination, known as L2TP/IPSec, uses certificate-based computer identity
authentication to create the IPSec session in addition to PPP-based user authentication.

Therefore it ensures that all data is encrypted by using end-to-end encryption and the VPN
connection uses computer-level authentication. To ensure that User names and passwords cannot
be used for authentication, you need to use EAP-TLS authentication.

With EAP-TLS, the VPN client sends its user certificate for authentication and the VPN server
sends a computer certificate for authentication. This is the strongest authentication method as it
does not rely on passwords.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com has its headquarters located in Miami and branch office located in
Toronto. The ABC.com network servers run Microsoft Windows Server 2008 and the client
computers run Microsoft Windows Vista.
ABC.com currently makes use of a computer named ABC-SR05 which has Network Access
Protection configured at the Miami office. The ABC.com written security policy currently states that
data transmitted between ABC-SR05 and client computers should be secure. The Toronto office
users connect to the Miami office using laptop computers.


What action should you take to create an access requirement that will prevent other non network
users from connecting to ABC-SR05?


A. You must have a Wired Network Group policy with all computers using MS-CHAP
authentication, added and configured.
B. You must have an Extensible Authentication Protocol (EAP) Enforcement Network policy added
and configured.
Further ensure that EAP-TLS authentication is used.
C. You must have an IPSec Enforcement Network policy added and configured.
D. You must have an 802.1X Enforcement Network policy added and configured.
E. You must have a network policy that restricts all remote connections.
Definition
Answer: C
Explanation:
To implement the restricted access control, you should choose option C. You need to configure an
IPSec Enforcement Network Policy. The Internet Protocol Security will authenticate the IPs of
authenticated users through its security. All you have to do is create an enforcement network
policy that uses IPSec.

The option D is a wireless enforcement network policy. So you could not use it in this scenario.

The other options like option A are out of the context. You cannot use Wired Network Group policy
for security and restricted access. It is just a group policy for wired network.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com has its headquarters located in Miami and branch office located in
Toronto. The ABC.com network servers run Microsoft Windows Server 2008 and the client
computers run Microsoft Windows Vista.


ABC.com currently makes use of a computer named ABC-SR05 which has Active Directory
Certificate Services and Network Access Protection (NAP) installed. ABC.com currently has
Toronto office users connecting to the Miami office using laptop computers.


What action should you take to configure NAP policies and apply it on the wireless connections accessing the Miami office?


A. You must have 802.1X authentication used on all network access points.
B. You must have the Prevent connections to infrastructure networks option enabled in the
wireless Group Policy settings in the Network Policies.
C. You must have MS-CHAP v2 authentication required on all portable computers.
D. You must have the Prevent connections to infrastructure networks option disabled in the
wireless Group Policy settings in the Group Policy Management Console.
E. You must disable then re-enable the Prevent Connections to infrastructure networks option in
the wireless Group Policy settings in the Network Policies.
Definition
Answer: A
Explanation:
To ensure that NAP policies are enforced on portable computers that use a wireless connection to
access the network, you need to configure all access points to use 802.1X authentication.

802.1X enforcement enforce health policy requirements every time a computer attempts an
802.1X-authenticated network connection. 802.1X enforcement also actively monitors the health
status of the connected NAP client and applies the restricted access profile to the connection if the
client becomes noncompliant.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com has its headquarters located in Miami and branch office located in
Toronto. The ABC.com network servers run Microsoft Windows Server 2008 and the client
computers run Microsoft Windows Vista.


ABC.com currently makes use of a computer named ABC-SR05 configured as a Network Address
Translation (NAT) server. During the course of the day you receive instruction to deploy a
computer named ABC-SR21 to the Toronto office. ABC.com wants you to have port forwarding
configured on ABC-SR05 to ABC-SR21.


What action should you take to make sure that network administrators can use Remote Desktop
Protocol (RDP) to connect to ABC-SR21?


A. You must have ABC-SR05 configured to forward port 3389 to ABC-SR21.
B. You must have ABC-SR05 configured to forward port 25 to ABC-SR21.
C. You must have ABC-SR05 configured with Conditional forwarding.
D. You must have ABC-SR05 configured with the Routing and Remote Access services.
Definition
Answer: A
Explanation:
To ensure that administrators can access the server, ABC-SR21 by using Remote Desktop
Protocol (RDP), you need to configure the ABC-SR05 to forward port 3389 to ABC-SR21.

The Remote Desktop Protocol is designed to work across TCP port 3389. If you are attempting to
connect to a remote machine that sits behind a firewall, then the firewall must allow traffic to flow
through TCP port 3389.
Term
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers
run Windows Vista.


ABC.com runs an ISA server as a firewall in order to secure their internal network. You are
responsible for setting up remote access for users to the network by means of a Virtual Private
Network (VPN) service. The ABC.com security policy states that Point-to-Point tunneling (PPTN)
must be used on the VPN. You receive various complaints from users receiving the “Error 721:
The remote computer is not responding” message when attempting to log on to the VPN server.


What action should you take on the firewall to make sure that users are able to logon to the VPN
server?


A. By opening port 1521.
B. By opening port 3389.
C. By opening port 3380.
D. By opening port 1723.
E. By opening port 47.
Definition
Answer: D
Explanation:
To establish VPN connectivity through PPTP, you need to make sure that TCP Port 1723 is opened on the Firewall and IP Protocol 47 (GRE) is configured.

The Error 721 occurs when the VPN is configured to use PPTP, which uses GRE protocol for
tunneled data, and the network firewall does not permit Generic Routing Encapsulation (GRE)
protocol traffic. To resolve this problem, you need to configure the network firewall to permit GRE
protocol 47 and make sure that the network firewall permits TCP traffic on port 1723.
Term
You work as the enterprise administrator at ABC.com. ABC.com has its headquarters located in
Miami and branch office located in Toronto.


You are preparing to deploy a Virtual Private Network (VPN) server to the Miami office.


What action should you take? (Choose two)


A. You should have the Windows Deployment Services role installed.
B. You should have IPSec installed.
C. You should have the Routing and Remote Access Services role service installed.
D. You should have the Deployment Transport Role Service installed.
E. You should have the Network Policy and Access Services role installed.
F. You should have a Certificate Authority role installed.
Definition
Answer: C,E
Explanation:
To configure the server as a VPN server, you need to install Network Policy and Access Services
role and Routing and Remote Access Services role service on the server. To install the Routing
and Remote Access Services role service on the server, you need to first install the Network
Policy and Access Services role on the server.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com.


ABC.com currently makes use of network servers that are installed with Microsoft Windows Server
2008. The client computers on the ABC.com network run either Microsoft Windows Vista,
Windows XP Professional (SP2) or Windows 2000 Professional. You are preparing to install a
server named ABC-SR05 to run IPv6 addressing on the network.


What action should you take to configure all client computers to communicate with ABC-SR05?


A. You should have only the Windows 2000 Professional computers uABCraded with Service
Pack 4.
B. You should have the Active Directory Client extension (DSClient.exe) installed on the Windows
Vista computers.
C. You should have all client computers re-installed with Windows 2000 Professional Service Pack
4.
D. You should have the Windows 2000 Professional computers uABCraded to Windows XP
Services Pack 2..
E. You should have the Windows 2000 Professional computers uABCraded to Windows
Millennium Edition.
Definition
Answer: D
Explanation:
To ensure that all computers can use the IPv6 protocol, you need to uABCrade the Windows 2000
Professional computers to Windows XP SP2. IPv6 protocol is far superior to IPv4 protocol in terms
of security, complexity, and quality of service (QoS). Therefore, all the new operating systems
started using IPv6 protocol. The older operating systems such as Windows 2000 professional
does not support Ipv6 therefore this needs to be uABCraded to either Windows XP or Windows
Vista.

You can now get versions of Windows that fully support most aspects of IPv6 (namely Windows
XP and Windows Server 2003) and you will soon be able to get versions of Windows that not only
fully support IPv6 but also provide enhanced performance for IPv6 networking.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network servers run
Microsoft Windows Server 2008. You recently deployed a server to the network named ABC-SR05
configured as the DHCP server.


During the course of the business week you discovered that ABC-SR05 has failed and thus used a
recent backup to restore the DHCP database.


What action should you take to make sure that the DHCP clients will not be assigned IP addresses
that have already been assigned to other DHCP clients?


A. You should have the Resource Relay Address DHCP server option include the entire zone.
B. You should have the Conflict Detection value set to 1.
C. You should have the DHCP server option set to 0.
D. You should have the Resource Location Servers DHCP server option include the entire zone.
Definition
Answer: B
Explanation:
To prevent DHCP clients from receiving IP addresses that are currently in use on the network, you
need to set the Conflict Detection value to 1 or 2. By default, "Conflict detection attempts" is set to
0, which means that DHCP server should not check the addresses that it is assigning to its clients.

When this value is increased to the value of 1 or 2, this would enable the DHCP server to check
once or twice to determine whether the address is in use before giving it to a client
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com which has the functional level of the domain set at Windows Server 2003.


You are preparing to deploy a member server to the network named ABC-SR05 to run the DHCP service.


What action should you take to successfully start the DHCP service on ABC-SR05?


A. You should have ABC-SR05 rebooted.
B. You should have the scope deleted and then re-activated on ABC-SR05.
C. You should have ABC-SR05 reconfigured with a new scope to assign IP addresses.
D. You should have ABC-SR05 authorized in the Active Directory domain to assign IP addresses.
E. You should have ABC-SR05 authorized in a new Windows Server 2008 domain.
Definition
Answer: D
Explanation:
To ensure that the DHCP service starts, you need to authorize ABCDHCP1 in the Active Directory
domain. This procedure is needed because you are running a DHCP server on a member server.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com currently has their headquarters located in Miami. ABC.com has
recently deployed a router named KingRouting using the IP address 192.168.0.0 to connect the
Miami office to the Internet.


ABC.com also wants an additional router named TestRouting using the IP address 192.168.64.0
to join the Miami office with a segment named KingSecured which has a network address of
192.168.4.0/26. Unfortunately a client computer which requires access to the KingSecured servers
cannot access the network with its current configuration.


What action should you take on the client computer routing table to provide it with a persistent
route for the KingSecured network?


A. You should execute the route add command with the -p 192.168.4.0/22 192.168.4.1 parameter.
B. You should execute the route add command with the -p 192.168.64.10 mask 255.255.255.192
192.168.4.0 parameter.
C. You should execute the route add command with the -p 192.168.4.0/26 192.168.64.11
parameter.
D. You should execute the route add with the command -p 192.168.4.0 mask 255.255.255.192 192.168.64.1 parameter.
Definition
Answer: C
Explanation:
To add a persistent route for the Private1 network to the routing table on ABC1, you need to add
command Route add -p 10.128.4.0/26 10.128.64.11. This is because 10.128.4.0/26 is the IP
subnet you desired to connect to and 10.128.64.11 is your IP gateway to the second subnet.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. The network servers run Microsoft Windows Server 2008. The DHCP server
role is installed on a server named ABC-SR05.


What action should you take to have the DHCP database on ABC-SR05 use less disk space?


A. You should have the database reconciled using the DHCP snap-in.
B. You should execute the jetpack.exe command with the dhcp.mdb temp.mdb parameters from
the folder that holds the DHCP database.
C. You should enable DNS scavenging from the properties of dhcp.mdb file.
D. You should make use of a caching only DNS server for the zone.
E. You should execute the dnscmd /zonerefresh command on ABC-SR05.
Definition
Answer: B
Explanation:
To reduce the size of the DHCP database, you need to use jetpack dhcp.mdb temp.mdb
command. (The file temp.mdb is used as a temporary database during the compacting operation.)
After the database is compacted, the message: ‘Jetpack completed successfully’ appears.
Term
You are an Enterprise administrator for ABC.com. All servers on the ABC.com network run
Windows Server 2008. You have deployed a file server named ABC-SR07 on the corporate
network. You configured a shared folder on ABC-SR07 to enable users to access shared files on
ABC-SR07.
During the course of the day you received complaints from users stating their inability to access
the shared files located on ABC-SR07. You discover that ABC-SR07 has an APIPA assigned IP
address.


What action should you take to make sure that all users are able to access the shared files located
on ABC-SR07?


A. You should have the DNS server address reconfigured on the ABC-SR07 TCP/IP properties.
B. You should have the subnet mask configured on the ABC-SR07 TCP/IP properties.
C. You should have a static IP address for ABC-SR07 configured on the ABC-SR07 TCP/IP
properties.
D. You should have the zone transfer settings configured on the ABC-SR07 TCP/IP properties.
E. You should have the subnet mask changed to a 24-bit mask on the ABC-SR07 TCP/IP
properties.
Definition
Answer: C
Explanation:
To ensure that users are able to access the shared files, you need to configure a static IP address
on the file server because In order for both PC's to be able to communicate together, the Ethernet
adapters will need to be configured with a static IP address and a common Subnet mask. As an
example, assign one PC an IP address of 192.198.0.1 and assign the second PC an IP address of
192.198.0.2. Both machines should use the Subnet mask 255.255.255.0.
Term
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. The ABC.com network servers run Microsoft Windows Server 2008. ABC.com currently makes use of a computer named ABC-SR05 configured as the Routing and Remote Access server. You are preparing to configure a Network Access Protection policy for ABC.com. What action should you take to have Point-to-Point Protocol (PPP) authentication used on ABC- SR05? A. You should use the Microsoft Challenge Handshake Authentication Protocol version 2 (MS- CHAP v2) authentication method. B. You should use the Kerberos v5 authentication method C. You should use the Challenge Handshake Authentication Protocol (CHAP) authentication method. D. You should use the Password Authentication Protocol (PAP) authentication method. E. You should use the Extensible Authentication Protocol (EAP) authentication method. F. You should use the Shiva Password Authentication Protocol (SPAP) authentication method.
Definition
Answer: E Explanation: To configure the Point-to-Point Protocol (PPP) authentication method on ABC-SR05, you need to configure Extensible Authentication Protocol (EAP) authentication method. Microsoft Windows uses EAP to authenticate network access for Point-to-Point Protocol (PPP) connections. EAP was designed as an extension to PPP to be able to use newer authentication methods such as one-time passwords, smart cards, or biometric techniques.
Term
You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008.


You are responsible for a Windows Server 2008 server named ABC-SR24. ABC-SR24 is used to
store confidential information. During a routine monitoring you notice that ABC-SR24 has been
attacked numerous times. You must block all incoming communications to ABC-SR24.


What action should you take to secure the ABC.com network?


A. You should use the Domain Profile in Windows Firewall and check the Block all connections
option.
B. You should use the Internal Profile in Windows Firewall and check the Block all connections
option.
C. You should use the Public Profile in Windows Firewall and uncheck the Block all connections
option.
D. You should uncheck the IP Helper option in the Services snap-in.
Definition
Answer: A
Explanation:
To immediately disable all incoming connections to the server, you need to enable the Block all connections option on the Domain Profile from Windows Firewall.

You can configure inbound connections to Block all connections from Windows Firewall by
configuring Firewall properties. When Block all connections is configured for a Domain profile ,
Windows Firewall with Advanced Security ignores all inbound rules, effectively blocking all
inbound connections to the domain.
Term
You work as the enterprise administrator at ABC.com. You are preparing to set up Network
Access Protection (NAP) enforcement for the Virtual Private Network (VPN) servers on the
ABC.com domain.


What action should you take to make sure that every client computer on the ABC.com network is
protected and monitored? (Each correct answer presents part of the solution. Choose THREE.)


A. You should have a network access policy.
B. You should have the Require trusted path for credential entry option set to Enabled.
C. You should have a Group Policy object (GPO) created.
D. You should have the (GPO) linked to the Domain Controllers organizational unit (OU).
E. You should have the GPO linked to the domain.
F. You should have the Security Center enabled.
G. You should have a restrictive network access policy.
H. You should have the Windows Sidebar enabled.
Definition
Answer: C,E,F
Explanation:
The NAP replaces Network Access Quarantine Control (NAQC) in Windows Server 2003, which
provided the ability to restrict access to a network for dial-up and virtual private network (VPN)
clients. The solution was restricted to dial-up/VPN clients only.

NAP improves on this functionality by additionally restricting clients that connect to a network
directly, either wirelessly or physically using the Security Center. NAP restricts clients using the
following enforcement methods: IP security (IPsec), 802.1x, Dynamic Host Configuration Protocol
(DHCP) and VPN.
However, to enable NAP on all the clients in your domain, you should create a group policy and
link it to a domain and then enable the Security Center
Term
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and have Remote
Desktop (RDP) enabled with default security settings for server administration.


What action should you take to make sure that RDP connections between the Windows Server
2008 servers and Windows Vista client computers are secure?


A. You should set every server’s security layer to the RDP security Layer.
Then the firewall on every server must be configured to deny connections via port 3389.
B. You should get user certificates from the internal certificate authority.
Then every server must be configured for Network Level Authentication to only allow Remote
Desktop client computers access .
C. You should consider configuring the firewall on every server to block port 3380.
D. You should set very server’s security layer to the RDP security Layer.
Then all clients must get user certificates from the internal certificate authority.
E. You should configure the firewall of every server to deny all communications via port 1423.
Definition
Answer: B
Explanation:
To ensure the RDP connections are as secure as possible, you need to first acquire user
certificates from the internal certificate authority and then configure each server to allow
connections only to Remote Desktop client computers that use Network Level Authentication.

In the pre-W2008 Terminal Server, you used to enter the name of the server and a connection is
initiated to its logon screen. Then, at that logon screen you attempt to authenticate. From a
security perspective, this isn’t a good idea. Because by doing it in this manner, you’re actually
getting access to a server prior to authentication – the access you’re getting is right to a session on that server – and that is not considered a good security practice.
NLA, or Network Level Authentication, reverses the order in which a client attempts to connect.

The new RDC 6.0 client asks you for your username and password before it takes you to the
logon screen. If you’re attempting to connect to a pre-W2008 server, a failure in that initial logon
will fail back to the old way of logging in. It shines when connecting to Windows Vista computers
and W2008 servers with NLA configured it prevents the failback authentication from ever
occurring, which prevents the bad guys from gaining accessing your server without a successful
authentication.
Term
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers
run Windows Vista.


The ABC.com network contains a file server named ABC-SR06. ABC-SR06 is used by 50 users in
the Sales department. These users utilize ABC-SR06 as well as storing their files on it. In order to
manage the disk space you decide to configure it with quotas. To save you time you decide to
make use of a quota template in order to apply the quotas to several folders.


What would be the fastest way to achieve this goal?


A. You should create a file screen template and apply it to the root of the volume containing the
folders.
B. Execute the dirquota.exe quota list command at the command prompt.
C. You must delete the quota template and create it again specifying a volume of the folders in the
file screen template.
D. You should create a new quota template apply it to all the folders on a per folder basis.
E. You must change the quota template.
Definition
Answer: E
Explanation:
To modify the quota settings for all 50 folders by using the least amount of administrative effort,
you can simply modify the quota template with the new settings that you want for all 50 folders.

If you base your quotas on a template, you can automatically update all quotas that are based on a specific template by editing that template. This feature simplifies the process of updating the
properties of quotas by providing one central point where all changes can be made
Term
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and contain the
Windows Backup and Restore utility.


You are responsible for a Windows Server 2008 server named ABC-SR05 with a DVD drive as
drive E:. How would you perform a full backup of the system state data to a DVD drive without
interrupting anyone using ABC-SR05.


What action should you take?


A. Execute the Wbadmin start backup command and specify the allCritical parameter, the
backuptarget:C: parameter and the quiet parameter.
B. Execute the Wbadmin start backup command and also specify the allCritical parameter, the
backuptarget:E: parameter and the quiet parameter.
C. Execute the Wbadmin enable backup command and also specify the -addtarget:E: parameter
on ABC-SR05.
D. Execute the Wbadmin restore catalog command and specify the-backuptarget:C: with the quiet
parameter.
E. Execute the Recover E:\ Research command on ABC-SR05.
Definition
Answer: B
Explanation:
To create a full backup of all system state data to the DVD drive (E: drive) on ABC-SR05, you
need to run Wbadmin start backup allCritical backuptarget:E: /quiet command on ABC-SR05.
Wbadmin enables you to back up and restore your operating system, volumes, files, folders, and
applications from a command prompt

Wbadmin start backup runs a one-time backup. If used with no parameters, uses the settings from
the daily backup schedule allCritical Automatically includes all critical volumes (volumes that contain operating system's
state). Can be used with the -include parameter. This parameter is useful if you are creating a
backup for full system or system state recovery. It should be used only when -backupTarget is
specified. Here the backupTarget is DVD drive (E: drive) on the server, so you need to specify
backuptarget:E:

/quiet runs the subcommand without any prompts to the user
Term
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers
run Windows Vista.


The ABC.com network contains file server named ABC-SR06. ABC-SR06 contains a shared folder
that is used by all users to store data. Due to the critical nature of the data you do not want to deny
users the ability to store data on the shared folder when it surpasses the 1 GB data storage limit.


What action should you take to be notified whenever a user exceeds the storage limit in the
shared folder?


A. You should create a hard quota to accomplish the task.
B. You should create a File Screen to monitor quota usage using the File Server Resource
Manager.
C. You should create an indirect quota to accomplish the task.
D. You should create a soft quota to accomplish the task.
E. You should create a Storage Management report to monitor quota usage using the File Server
Resource Manager.
Definition
Answer: D
Explanation:
To allow users to store more than 400 MB of data in the shared folder and to receive a notification
when a user stores more than 400 MB of data in the shared folder, you need to create a soft
quota. A soft quota does not enforce the quota limit but generates all configured notifications.
A hard quota cannot be used because it prevents users from saving files after the space limit is
reached and generates notifications when the volume of data reaches each configured threshold.
Term
You are the administrator for a software development house that writes small utility programs for a
wide range of networks. In addition to supporting its Windows Server 2008 network, you are
responsible for verifying that some of the applications that are developed function properly. During
these tests, you have to install transport protocols from other development houses that are used
by various systems. You have worked out the issues surrounding the different protocols working
on Windows Server 2008 by requiring the protocol developers to make sure their protocols are
compliant with what standard?


A. ODI
B. DLC
C. NDIS
D. NetBIOS
Definition
Answer: C
Term

You have just been asked to troubleshoot intermittent communication problems on a fairly old network for a company that builds and repairs elevator motors. You have determined that the network is a straightforward thin-coax Ethernet Windows NT LAN running TCP/IP. The company wants to upgrade to Windows Server 2008, hoping that the now-stable platform will resolve the intermittent problems. You perform the upgrade; all goes smoothly, and initially everything seems to function properly. However, the intermittent problems show up again.

 

What layer in the OSI model is the most likely place for the problems to be occurring?

 

A. Physical layer

B. Data-Link layer

C. Network layer

D. Transport layer

E. Session layer

Definition
Answer: A
Term
Which of the following are subnet boundary addresses that result from the use of the /29 mask?

(Choose all that apply.)


A. 172.20.73.12
B. 10.8.1.212
C. 192.168.0.0
D. 192.168.1.16
E. 192.168.164.208
Definition
Answer: C,D,E
Term
IPv6 uses an extension header instead or variable-length headers to add functionality to the
protocol. As the network administrator, a junior admin wants to know what two headers are added
for IPsec. What would you tell the junior admin? (Choose two.)


A. Next-Header
B. Destination Options header
C. Authentication header
D. Encapsulating Security Payload header
E. IPsec ID header
Definition
Answer: C,D
Term
You are the network administrator for a large sales organization with four distinct regional offices
situated in different areas of the United States. Your Windows Server 2008 computers are all in place, and you have almost finished migrating all the workstations to XP Professional and Vista.
Your next step is to implement a single Active Directory tree, but you want to put your DNS
infrastructure in place before you start building your tree. Because DNS is a critical component for
the proper functioning of Active Directory, you want to make sure that each region will have
service for local resources as well as good performance. What should you do to realize these
requirements?


A. Install a single DNS server at your location, and create a separate domain name for each
region for the resolution of local resources.
B. Install a DNS server at each regional location, and create a single domain name for all the
regions for the resolution of local resources.
C. Install a single DNS server at your location, and create a single domain name for all the regions
for the resolution of local resources.
D. Install a DNS server at each regional location, and create a separate domain name for each
region for the resolution of local resources.
Definition
Answer: B
Term
Your web server’s host name within the LAN is chaos.example.com. However, you need to add a
DNS entry so that it can be found with the name www.example.com. What type of record should
you add to the DNS zone for example.com in order for this to be configured properly?


A. An alias/CNAME record
B. An A record
C. An SRV record
D. A PTR record
Definition
Answer: A
Term
DHCP’s four-step process sees messages of specific types exchanged between the client and
network and the client and server. What is the name of the message that a DHCP client sends to
initially obtain configuration parameters?


A. DHCPOFFER
B. DHCPREQUEST
C. DHCPDISCOVER
D. DHCPACK
Definition
Answer: C
Term
You are the network administrator for organization. Your organization has three subnets
controlledby two multihomed Windows Server 2008 servers. You have discovered that subnetA is
sending ICMP traffic to subnetC. You want to stop the ICMP traffic from being sent to the other
subnet. What do you need to set up?


A. Traffic filters
B. Traffic rules
C. Traffic denials
D. Traffic relays
Definition
Answer: A
Term
Which routing protocols are not available in Windows Server 2008? (Choose all that apply.)


A. RIPv1
B. RIPv2
C. OSPF
D. EIGRP
Definition
Answer: C,D
Term
Your area of responsibility at the All Terrain Vehicle Rentals Company is to build, deploy, and
maintain the remote access system for the Windows Server 2008 network. The system consists of
four RRAS servers, which serve 200 users across the country. The users often travel from location to location, and they access different servers depending upon where they call in. You put together
a management station to monitor all the RRAS servers so you can keep an eye on this critical
aspect of your network. What tool do you use to accomplish this?


A. The Server Monitor of the RRAS snap-in
B. The Server Status node of the RRAS snap-in
C. The System Monitor snap-in
D. The MMC
Definition
Answer: B
Term
Hannah’s manager has asked her to configure a remote access server so that it restricts what
times of day users can dial in. She creates a network access policy that contains time-of-day
restrictions, but it doesn’t work. What is the most likely cause?


A. The Day-And-Time-Restrictions policy hasn’t been replicated throughout the domain.
B. The Day-And-Time-Restrictions policy doesn’t have a high enough priority.
C. The Day-And-Time-Restrictions policy has a priority that’s too high.
D. The Day-And-Time-Restrictions policy is not linked to an active remote access profile.
Definition
Answer: B
Term
You have been hired by a small company to implement new Windows Server 2008 systems. The
company wants you to set up a server for users’ home folder locations. What type of server would
you be setting up?


A. PDC server
B. Web server
C. Exchange server
D. File server
Definition
Answer: D
Term
You are the administrator for your organization. You have two groups, Sales and Marketing, which
use a laser printer. The Sales group prints a lot of invoices and quotes for companies. The
Marketing group usually prints large presentations that take a long time to print. You want the
Sales group’s documents to print before the Marketing group. How do you set this up?


A. Assign the Marketing group a priority of 100 and the Sales group a priority of 1.
B. Assign the Marketing group a priority of 99 and the Sales group a priority of 1.
C. Assign the Marketing group a priority of 1 and the Sales group a priority of 100.
D. Assign the Marketing group a priority of 1 and the Sales group a priority of 99.
Definition
Answer: D
Term
Paige is a systems administrator who is responsible for performing backups on several servers.
Recently, she has been asked to take over operations of several new servers. Unfortunately, no
information about the standard upkeep and maintenance of those servers is available. Paige
wants to begin by making configuration changes to these servers, but she wants to first ensure
that she has a full backup of all the data on each of these servers.

Paige decides to use the Windows Server 2008 Backup utility to perform the backups. She wants
to choose a backup type that will back up all files on each of these servers, regardless of when
they were last changed or if they have been previously backed up. Which of the following types of
backup operations store all the selected files, without regard to the Archive bit setting?

(Choose all that apply.)


A. Normal
B. Incremental
C. Copy
D. Differential
Definition
Answer: A
Term
Which of the following types of backup operations should be used to back up all the files that have
changed since the last full backup or incremental backup and mark these files as having been
backed up?


A. Differential
B. Copy
C. Incremental
D. Normal
Definition
Answer: C
Term
Your organization uses the IPv4 network address 172.16.30.0/22. All client computers in the
domain run Windows Vista. HostA (IP address 172.16.8.111, subnet mask 255.255.252.0) is
unable to connect to HostB (IP address 172.16.12.23, subnet mask 255.255.252.0) when using
NetBIOS broadcasts. What is the most likely explanation of the problem?


A. HostA and HostB reside on different IP subnets.
B. HostA and HostB are using different default gateway addresses.
C. HostA and HostB are using an incorrect subnet mask.
D. The network's DHCP server is offline.
Definition
Answer: A
Term

You have uABCraded all servers in your company's single Active Directory domain to Windows Server 2008. The organization's SharePoint Server intranet Web site is hosted on four different Web servers. The web servers are configured with identical hardware and each one is assigned a unique IP address. You need to configure the network such that incoming SharePoint connection requests are distributed evenly across all four Web servers.

 

What action should you perform?

 

A. Enable round-robin at the DNS zone level.

B. Enable netmask ordering at the DNS server level.

C. Enable round-robin at the DNS server level.

D. Enable netmask ordering at the DNS zone level.

Definition
Answer: A,C
Term
You install the File Server role on a Windows Server 2008 member server named RES01 You
create a shared folder named SCHEMATICS that will be accessible to members of the Engineers
domain global group. Members of Engineers need to be able to read and write files in the folder
but must not be granted too much privilege to the folder.

What action should you perform?


A. Grant the Engineers group the Reader permission level to SCHEMATICS.
B. Grant the Engineers group the Contributor permission level to SCHEMATICS.
C. Grant the Engineers group the Owner permission level to SCHEMATICS.
D. Grant the Engineers group the Co-owner permission level to SCHEMATICS.
Definition
Answer: B
Term
Your corporate network consists of a single Active Directory domain. The network consists of 3
domain controllers and 10 member servers, all of which run Windows Serve 2008. All client
computers in the domain run Windows Vista Enterprise. Due to security policy, the network is not
connected to the Internet. The network contains a server named DNS01 that hosts a standard
primary zone for the domain. You need to configure DNS01 such that if a DNS client queries for a
name outside the company network, DNS01 will not attempt to contact DNS servers outside the
network.

What action should you perform?


A. Issue the command dnscmd /clearcache on DNS01.
B. Ensure that DNS01 is not configured to use forwarders.
C. Disable recursion on DNS01.
D. Remove root hints on DNS01.
Definition
Answer: C
Term
Your organization is organized as a single Active Directory forest with one domain. All servers run
Windows Server 2008. The headquarters contains a Windows Server 2008 DNS server that hosts
an Active Directory-integrated zone. You install a Windows Server 2008 DNS server in a branch
office with a standard secondary zone that pulls updates from the master server at headquarters.
You receive complaints from users in the branch office that the WAN link between it and
headquarters is slow. You suspect that the bottleneck is produced by DNS zone replication traffic.

What action should you perform?


A. Enable Round-robin on the primary DNS server at headquarters.
B. Decrease the Refresh interval on the SOA record in the primary DNS zone.
C. Increase the Refresh interval on the SOA record in the primary DNS zone.
D. Remove the secondary DNS server and deploy a RODC at the branch office.
Definition
Answer: C
Term
You are configuring a Windows Server 2008 member server named VPN01 to support NAP with
VPN enforcement. Your network consists of a single Active Directory domain in which all servers
run Windows Server 2008 and all client computers run Windows Vista. You have a Windows-
based PKI installed and operational. Another member server named NPS01 serves as the
Network Policy Server and the System Health Validator. You are configuring a NAP policy on
VPN01 to apply NAP to incoming VPN connections.

What actions should you perform? (Select two choices. Each correct answer represents a part of a
single solution.)


A. Configure VPN01 as a RADIUS client.
B. Create a network policy on VPN01.
C. Create a network policy on NPS01.
D. Configure VPN01 as a RADIUS server.
Definition
Answer: A,C
Term
You deploy a Windows Server 2008 public key infrastructure (PKI) and Network Access Protection
(NAP) on your domain. You discover that NAP policies are not affecting wireless clients. You need
to ensure that all wireless clients are properly screened by health policy upon their initial
association with a wireless access point.

What action should you perform? (Select two choices. Each choice represents a part of a single
solution.)


A. Verify that wireless client network connections are configured to use a DHCP server.
B. Verify that 802.1X enforcement is configured on your Windows Server 2008 network policy
server.
C. Verify that DHCP enforcement is configured on your Windows Server 2008 network policy
server.
D. Verify that wireless client network connections are configured for 802.1X authentication.
Definition
Answer: B,D
Term
Your network consists of a single Active Directory domain in which all servers run Windows Server
2008 and all client workstations run Windows Vista. You manage the network from an
administrative workstation named THOTH. You want to configure THOTH to receive Windows
event log data from a domain controller named SERVER01.

What actions should you perform? (Select two answers. Each correct answer represents a part of
a single solution).


A. Run the winrm quickconfig command on SERVER01.
B. Run the wecutil command on THOTH.
C. Run the wecutil command on SERVER01.
D. Run the winrm quickconfig command on THOTH.
Definition
Answer: A,B
Term
Your organization consists of an Active Directory domain in which all servers run Windows Server
2008 and all client computers are laptops that run Windows Vista with Service Pack 1. You need to configure TCP/IP on the laptops such that users are able to seamlessly connect to both the
corporate network, which uses static IP addressing, and their own home networks, which use
dynamic IP addressing.

What action should you perform?


A. Configure the users with IPv6 addresses.
B. Use the Alternate Configuration feature to configure the laptop computers with a static
secondary address.
C. Use the Alternate Configuration feature to configure the laptop computers with static primary IP
addresses.
D. Configure the users' computers with APIPA IP addresses.
Definition
Answer: B
Term
Your organization is planning to migrate from an IPv4 infrastructure to an IPv6 infrastructure. Your
manager is concerned about how IPv6 packets can be routed over the public Internet, especially
to destinations that still use IPv4.

What actions should you perform? (Select two choices. Each correct answer represents an
independent solution.)


A. Deploy NAT in your network.
B. Deploy NPS in your network.
C. Deploy 6to4 technology in your network.
D. Deploy the Teredo transition technology in your network.
Definition
Answer: C,D
Term
You are the network administrator for your company. The network contains Windows Server 2008
and Windows Vista computers. A computer named Print1 functions as a print server for your
network and run Windows Server2008 Server Core.

You need to manage the printers on Print1 from your local Windows Vista Ultimate computer.

Which tool should you use?

A. Server Manager
B. Print Management
C. Event Viewer
D. Active Directory Users and Computers
Definition
Answer: B
Term
You are the systems administrator of your company. The company's network is configured to use
Internet Protocol version 6 (IPv6). You install a Dynamic Host Configuration Protocol (DHCP)
server on a server named DHCP1 that runs Windows Server 2008.

You want to ensure that neither IP addresses nor other configuration settings are automatically
allocated to DHCP clients on a subnet that does not use DHCPv6 from DHCP1. How should you
configure the Managed Address Configuration flag, and the Other Stateful Configuration flag in the
router advertisements?


A. Set both Managed Address Configuration and Other Stateful Configuration flags to 0 (zero).
B. Set both Managed Address Configuration and Other Stateful Configuration flags to 1.
C. Set the Managed Address Configuration flag to 0 and the Other Stateful Configuration flag to 1.
D. Set the Managed Address Configuration flag to 1 and the Other Stateful Configuration flag to 0.
Definition
Answer: A
Term
You are the network administrator for your company. The network contains Windows Server 2008
and Windows Vista computers.

You want to use the event collecting feature on several Windows Server 2008 computers. You
need to set up event subscriptions on the computers that forward and collect events.

What should you do? (Choose all that apply.)


A. Start the Windows Event Collector service.
B. Start the Windows Connect Now - Config Registrar service.
C. Start the Windows Event Log service.
D. Start the Windows Remote Management service.
Definition
Answer: A,D
Term
You are the network administrator for your company. You have installed Windows Server 2008 on
all servers and Windows XP Professional Service Pack 2 (SP2) or Windows Vista on the client
computers in your company.

Your company wants to restrict non-compliant computers from communicating on a network. The
computers must meet the system health requirements as stated in a corporate security statement
before they connect to the network.

Which role service should you install?


A. Network Policy and Access Services
B. Routing and Remote Access Services
C. Terminal Services Licensing
D. Terminal Services Gateway
Definition
Answer: A
Term
You administer your company network, which consists of a single Active Directory domain. The
network is not connected to the Internet. The network contains two Windows Server 2008 domain
controllers, 10 Windows Server 2008 member servers, and 100 Windows Vista client computers.
Server01 hosts a standard primary DNS zone for the Active Directory domain.

You must ensure that if a DNS client queries Server01 for external name resolution, Server01 will
not attempt to contact DNS servers outside the corporate network.

What should you do?


A. Remove all entries from the Root Hints tab.
B. Clear the DNS Server cache.
C. Disable recursion.
D. Remove all forwarders from the Forwarders tab.
Definition
Answer: C
Term
You are the network administrator for your company. All servers on the company's network run
Windows Server 2008. You are required to install a Dynamic Host Configuration Protocol (DHCP)
server on the network to enable client computers on the network to obtain IP address
automatically from the DHCP server.

You want to ensure that when you install the DHCP server, the server is automatically authorized.
What should you do?


A. Install the DHCP server on a server that is member of the domain.
B. Install the DHCP server on a stand-alone server.
C. Install the DHCP server on the domain controller.
D. Install the DHCP server on a member server and the DHCP Relay Agent on the domain
controller
Definition
Answer: C
Term
You are the network administrator for your company. The company's network contains servers
that run Windows Server 2008. A server named DNS1 is configured as a Domain Name System
(DNS) server on the network to handle name resolution from users. DNS1 contains a primary zone
that holds DNS data for network users.

You discover that the primary zone on DNS1 contains entries for computers that no longer exist on
the network. What should you do to immediately start scavenging stale resource records?


A. Right-click the DNS server node in the DNS Manager snap-in, and click the Set
Aging/Scavenging for All Zones option.
B. Select the Enable automatic scavenging of stale records option on the Advanced tab in the
properties dialog box of the DNS server.
C. Select the Scavenge stale resource records option in the Zone Aging/Scavenging Properties
dialog box.
D. Right-click the DNS server node in the DNS Manager snap-in and click the Scavenge Stale
Resource Records option.
Definition
Answer: D
Term
You are the system administrator for a company that has purchased another company. The new
company has several UNIX computers.

You install a Windows 2008 Server Core server and several Windows Vista computers at the new
company's location. A proprietary application runs on some of the UNIX computers. You need to
configure a print server on the Windows Server 2008 Server Core computer to enable users at the
UNIX computers to print.

What should you do?


A. Run Start /w ocsetup Printing-LPDPrintService.
B. Run Slmgr.vbs -ato.
C. Run cscript scregedit.wsf /LDP /4.
D. Run net start LPDSVC.
Definition
Answer: A
Term
You are the network administrator for your company. The network contains a single Windows
2008 Active Directory domain. A Windows Server 2008 computer named Remote1 is a member
server with Routing and Remote Access installed. Remote1 allows both dial-up and virtual private
network (VPN) connections.

Smart cards are issued to all users who will access the network remotely. The smart cards will be
used for both dial-up and VPN connections. All users who will access the network remotely are
issued Windows 2000 Professional portable computers with smart card readers. The written
security policy for your company states that the users are required to use the smart cards only
when connecting to the network remotely. When connecting to the network locally, smart cards
should not be used.

You must implement a remote access solution that will enforce the written security policy.

What should you do?


A. In the Active Directory Users and Computers console, enable the Smart card is required for
interactive logon option for each user account that will access the network remotely.
B. Install a computer certificate on Remote1. Configure the remote access policy on Remote1 to accept only EAP-TLS authentication. Use the Remote1 computer certificate for authentication.
C. Install a computer certificate on Remote1. Configure the remote access policy on Remote1 to
accept only EAP-MD5 authentication. Use the Remote1 computer certificate for authentication.
D. Install a computer certificate on each computer. Configure the remote access policy on
Remote1 to accept only EAP-TLS authentication. Use the computer certificate for authentication.
E. Install a computer certificate on each computer. Configure the remote access policy on
Remote1 to accept only EAP-MD5 authentication. Use the computer certificate for authentication.
Definition
Answer: D
Term
You are the network administrator for your company. The company's network consists of Windows
Server 2008, Windows XP, and Windows Vista computers.

Your company has a partner company with which you need to share applications using a virtual
private network (VPN). You need to deploy the VPN on a Windows Server 2008 computer.

Which service role should you install?


A. Web Server (IIS) role
B. Terminal Services role
C. Application Server role
D. Network Policy and Access Service role
Definition
Answer: D
Term
You are the network administrator of your company. The servers on the company's network run
Windows Server 2008. The company's network consists of a single Active Directory domain. A
server named DNS1 is configured as a Domain Name System (DNS) server and stores the
directory-integrated DNS zone for your company.

You promote a member server to a domain controller, but you discover that the Service Record
(SRV) for the new domain controller is not created in the directory-integrated DNS zone. What
should you do to create an SRV record for the new domain controller by involving least
administrative effort?


A. Restart the DHCP Client service.
B. Restart the Netlogon service.
C. Configure the properties for forward lookup zone to allow only secure updates.
D. Manually add an SRV record for the new domain controller.
Definition
Answer: A
Term
You are the network administrator for your company. The company network runs on Windows
Server 2008. All the client computers run Windows Vista.

You have a branch office and a main office. You need to monitor all the frames that pass over the
network to a local buffer, regardless of the destination address.

What should you do?


A. Use a capture buffer
B. Use display filters
C. Use promiscuous mode
D. Use capture triggers
Definition
Answer: C
Term
You are the network administrator for your company. The network contains Windows Server 2008
and Windows Vista computers. You are configuring FileSrv2 to forward Event Viewer events to
Srv2.

On FileSrv2, you run the winrm quickconfig command. Then on Srv2, you run the wecutil qc
command. Finally, you add the Srv2 account to the local Administrators group on FileSrv2.

What should you do next?


A. Create a custom view on FileSrv2.
B. Create a custom view on Srv2.
C. Create a new subscription on FileSrv2.
D. Create a new subscription on Srv2.
Definition
Answer: D
Term
You are the network administrator for your company. You have recently installed Windows Server
2008 for your company. You want to create a test network of five subnets that will use IPv6. You
have to create the network in such a way that the client computers on the test network are able to
communicate with each other while ensuring that they cannot access the Internet. In addition, the
addresses used should be unique across all sites within your company.

Which IP address could you use?


A. 0:0:0:0:0:0:0:0
B. FE80:AB10:2B5C:B000:: /64
C. FD00:AB10:2B5C:B000::/8
D. FEC0:AB10:2B5C:B000::/10
Definition
Answer: C
Term
You are the network administrator for your company. The company network runs Windows Server
2008. All client computers run Windows Vista.

You have a file server named SERV1. SERV1 has a shared folder. You have enabled disk quotas
on the shared folder. You want to achieve the following objectives:

· Receive a notification when a user copies more than 500 MB of data to the shared folder.

· Ensure that users are not able to copy more than 500 MB of data to the shared folder.

What should you do?


A. Use a soft quota.
B. Use a hard quota.
C. Use Active Screening.
D. Use Passive Screening.
Definition
Answer: B
Term
Mark works as a Network Administrator for ABC Inc. The company has a Windows 2008
domainbased network. The domain consists of Windows 2008 member servers and Windows
Vista client computers. The security policy for the company specifies that the security updates
status and security related settings of the servers in the domain must be examined regularly. Mark
wants to automate this process, so that reports for all the servers are generated every night. What
will he do to accomplish this?


A. Schedule a task on each server to run the MSCONFIG.EXE command every night.
B. Schedule a task on each server to run the CONVERT.EXE command every night.
C. Schedule a task on a central Windows Vista computer to run the MBSACLI.EXE command for
each server every night.
D. Schedule a task on each server to run the QFECHECK.EXE command every night.
Definition
Answer: C
Term
Mark works as a Network Administrator for ABC Inc. The company has a Windows Server 2008
domain-based network. The domain consists of four domain controllers, two Windows 2008
member servers, and 100 Windows Vista and 50 Windows XP Professional client computers. The
network has two subnets with subnet addresses 192.168.0.0/24 and 192.168.1.0/24.

Mark wants to scan the computers in the network by using the Microsoft Baseline Security
Analyzer (MSBA) tool. All the computers that he wants to scan are in a single subnet
192.168.0.0/24. Mark installs MBSA on a client computer named BSACOMP and runs
MBSA.EXE. After scanning the computers, he finds that the report does not contain any data of
the computers in the subnet 192.168.0.0/24. Mark wants to generate a report that includes results
from all the computers in the subnet 192.168.0.0/24. What will he do to accomplish the task?


A. In the MBSA tool window, specify host names of all the computers in the subnet
192.168.0.0/24.
B. In the MBSA tool window, specify NetBios names of all the computers in the subnet
192.168.0.0/24.
C. In the MBSA tool window, specify the subnet mask of the subnet 192.168.0.0/24.
D. In the MBSA tool window, specify the IP address range from 192.168.0.1 to 192.168.0.254 and
start scanning.
Definition
Answer: D
Term
Mark works as a Network Administrator for ABC Inc. The company has a Windows Server 2008
domain-based network. The network has a file server that runs on Windows Server 2008. His
assistant wants to know about the wireless local area network (WLAN) SSID. Which of the
following statements are true about WLAN SSID?

Each correct answer represents a complete solution. Choose three.


A. All wireless devices on a wireless network must have different SSIDs.
B. It has a maximum length of 32 characters.
C. It is a sequence of alphanumeric characters.
D. It is the name of a wireless local area network (WLAN).
E. It has a maximum length of 24 characters.
Definition
Answer: B,C,D
Term
You work as a Network Administrator for ABC Inc. The company has a Windows Server 2008
domain-based network. The network has three Windows Server 2008 member servers and 150
Windows Vista client computers. You plan to setup a VPN so that the company employees
working from remote locations can access the company's private network through the Internet.
You want to use the Layer 2 Tunnelling Protocol (L2TP) connection. Which of the following
protocols will you use to ensure security and protect data on the VPN?


A. Transport Layer Security (TLS)
B. Internet Protocol Security (IPSec)
C. Point-to-Point Protocol (PPP)
D. Microsoft Point-to-Point Encryption (MPPE)
Definition
Answer: B
Term
You work as a Network Administrator for ABCInc. The company has a Windows Server 2008
network environment. A user complains that he is unable to access resources on the network.
Other users on the network do not face any such issue. Running the IPCONFIG /all command on
his computer produces the following result:

IP address

169.254.46.102

Subnet Mask

255.255.0.0

Default Gateway

NA


You know that the address assigned to the user's computer is provided through the APIPA
feature. You want to ensure that the user's computer is configured with a valid static IP address in
case the computer is unable to get a lease from a DHCP server. Which of the following actions will
you perform to accomplish the task?


A. Configure one more DHCP server on the network. Define a separate scope of IP address on
the new server instead of the previous one.
B. Disable APIPA on the client computer.
C. Configure the user's computer with an alternative configuration.
D. Configure the client computer with a static IP address instead of configuring it to an IP address
automatically.
Definition
Answer: C
Term
Mark works as a Network Administrator for ABC Inc. The company has a Windows 2003 single
domain-based Active Directory network. The network has five Windows 2008 member servers and
150 Windows Vista client computers. Mark's assistant wants to know about the advantages of
NTFS file systems. Which of the following are the advantages of NTFS file system?

Each correct answer represents a complete solution. Choose all that apply.


A. It provides compression.
B. It offers disk quotas feature.
C. It supports Encrypting File System (EFS).
D. It supports file and folder level permissions
Definition
Answer: A,B,C,D
Term
Mark works as a Network Administrator for ABC Inc. The company has a Windows Server 2008
domain-based network. The network has a file server that runs on Windows Server 2008. Mark
wants to secure all the important data so that only he can access the data. All the data is stored on
a Windows Server 2008 member. As the data volume is large, it is kept in a compressed form on
the NTFS partition. He decides to encrypt the data with the Encrypting File System (EFS) . When
he attempts to encrypt the data, he is unable to do it. What is the most likely cause of the issue?


A. Data is stored on NTFS file system.
B. Windows Server 2008 does not support EFS.
C. EFS does not support compression.
D. The data files are larger than 2MB.
Definition
Answer: C
Term
You work as a Network Administrator for ABC Inc. The company has a Windows Server 2008
network environment. The network has fifteen Windows Server 2008 member servers. All client
computers on the network run Windows XP Professional. You have configured a DHCP server on
the network to automatically assign IP addresses to the client computers. You install a new
computer for a user named Rick. Rick complains that he is unable to access the network
resources. You run IPCONFIG on his computer and receive the following IP configuration
information:

IP address

169.254.66.152

Subnet Mask

255.255.0.0

Default Gateway

NA

Other users are not facing the same problem. What is the most likely cause?

A. The DHCP server is not working on the network.
B. The DNS server is not working on the network.
C. The TCP/IP protocol suite is not installed on his computer.
D. The computer is not able to connect to the DHCP server.
Definition
Answer: D
Term
You work as a Network Administrator for ABC Inc. The company has a Windows Server 2008
network environment. All client computers on the network run Windows XP Professional. A DHCP
server named DHCPSERV is configured on the network. You want to record the DHCPSERV
activity in a text file to monitor and troubleshoot the DHCP server performance. You enable audit
logging on DHCPSERV from the DHCP console. You want to modify the default location of the log
file to c:\DHCPlog.

Which of the following steps will you take to accomplish the task?

Each correct answer represents a part of the solution. Choose all that apply.


A. Open the command prompt on DHCPSERV, and run the NETSH DHCP command.
B. At the DHCP server > prompt, run SET AUDITLOG c:\DHCPlog.
C. Open the command prompt on DHCPSERV, and run the NETSH DHCP SERVER command.
D. Stop and restart the DHCP service on DHCPSERV.
Definition
Answer: B,C,D
Term
You work as a Network Administrator for ABCInc. The company has a Windows Server 2008
network environment. All client computers on the network run Windows XP Professional. A DHCP
server is configured on the network. You want to add a DHCP scope on the DHCP server for the
computers in a department named Research with the following details:

IP address

169.254.66.152

Subnet Mask

255.255.0.0

Default Gateway

NA


Which of the following steps will you take to accomplish the task?

Each correct answer represents a part of the solution. Choose two.


A. Open the command prompt on the DHCP server, and then run the NETSH DHCP SERVER
SCOPE command.
B. At the dhcp server> prompt, run ADD SCOPE 192.168.2.0 255.255.255.0 Research.
C. At the dhcp server scope> prompt, run ADD SCOPE 192.168.2.0 255.255.255.0 Research.
D. Open the command prompt on the DHCP server, and then run the NETSH DHCP SERVER
command.
Definition
Answer: B,D
Supporting users have an ad free experience!