Exam : 070-642

Title

: TS: Windows Server 2008 Network
Infrastructure, Configuring

Ver

: 07.29.08

070-642

QUESTION 1:
Certkiller .com has an IPv6 network which has 25 segments. As an administrator,
you deploy a server on IPv6 network. What should you do to make sure that the
server can communicate with systems on all segments of the IPv6 network?
A. Configure the IPv6 address on the server as 0000::2c0:d11f:fec8:3124/64
B. Configure the IPv6 address on the server as ff80::2c0:d11f:fec8:3124/64
C. Configure the IPv6 address on the server as fe80::2c0:d11f:fec8:3124/64
D. Configure the IPv6 address on the server as fd00:: 2c0:d11f:fec8:3124/8.
Answer: D
QUESTION 2:
You are a network administrator at Certkiller .com. You have upgraded all servers
in the company to Windows Server 2008. Certkiller .com wants you to configure IPv6
addresses on all computers in the network. A global address prefix is assigned to
you. The prefix is 3FFA:FF2B:4D:B000::/41. Certkiller .com has four departments. You
have to assign a subnet to each department. In this way, which subnetted address prefix
will you assign to the fourth department?
A. 3FFA:FF2B:4D:C800::/43
B. 3FFA:FF2B:4D:B400::/43
C. 3FFA:FF2B:4D:C000::/43
D. 3FFA:FF2B:4D:F000::/45
E. None of the above
Answer: A
Explanation
The option 3FFA:FF2B:4D: C800::/43 is correct. The subnetting in IPv6 is performed by
determining the number of bits used for subnetting and the itemization of the new
subnetted address prefixes.
Usually the number of bits for subnetting is s, where 2^s = number of subnets to be
created. In this scenario 2^s = 4 and therefore s=2.
Then the itemizations of the new subnetted address prefixes are done. In this scenario, the
correct subnetted address prefix is 3FFA:FF2B:4D:C800::/43. So option A is the correct
answer.
QUESTION 3:
Exhibit:

Actualtests.com - The Power of Knowing

070-642

Certkiller has decided to re-design its public network. The network will employ an
IPv4 addressing. The range would be 129.108.10.0/21. The network must be
configured in segments as shown in the exhibit. You have to configure the subnets
for each segment in the network. You need to ensure that your solution must
support all computers in each segment. Which network addresses should you assign
to achieve this task?
A. Segment A: 129.108.10.109/22, Segment B: 129.108.10.0/23, Segment C:
129.108.10.0/24, Segment D: 129.108.10.109/25
B. Segment A: 129.108.10.0/22, Segment B: 129.108.10.0/23, Segment C:
129.108.10.0/24, Segment D: 129.108.10.128/26
C. Segment A: 129.108.10.0/22, Segment B: 129.108.10.128/23, Segment C:
129.108.10.0/192, Segment D: 129.108.10.224/25
D. Segment A: 129.108.10.128/22, Segment B: 129.108.10.192/23, Segment C:
129.108.10.224/24, Segment D: 129.108.10.0/26
E. None of the above
Answer: B
QUESTION 4:
Certkiller network is configured to use Internet Protocol version (Ipv6). You
installed a Dynamic Host Configuration Protocol (DHCP) server on a server named
Certkiller DHCP1 running Windows 2008 server. You want to ensure that neither IP
address nor other configuration settings are automatically allocated to DHCP
clients on a subnet that does not use DHCPv6 from Certkiller DHCP1. How should
you configure the Managed Address Configuration flag, and the other Stateful
Configuration flag in the route advertisements?
Actualtests.com - The Power of Knowing

070-642

A. Set both Managed Address Configuration and Other Stateful Configuration flag to 0
B. Set both Managed Address Configuration and Other Stateful Configuration flag to 1
C. Set both Managed Address Configuration to 0 and Other Stateful Configuration flag to 1
D. Set both Managed Address Configuration to 1 and Other Stateful Configuration flag to 0
Answer: A
Explanation:
This setting will ensure host will receive neither an IP address nor additional
configuration information.
QUESTION 5:
You have upgraded hardware of DNS servers in your network. You also added two
new domain controllers to the domain. All client computers use DHCP. Users are
not able to logon to domain after the upgrade of DNS servers. What should you do
to ensure that users are able to log on to the domain?
A. Restart the Netlogon service on the new DNS servers
B. Run ipconfig/registerdns at the command prompt of new DNS servers
C. Reconfigure the DHCP scope option 006 DNS name Servers with the new DNS
servers IP addresses
D. Configure the network settings for workstations to Disable NetBIOS over TCP/IP
E. None of the above
Answer: C
Explanation:
To ensure that the users are able to log on to the domain, you should reconfigure the
DHCP scope option 006 DNS name Server with the new DNS servers IP addresses.
QUESTION 6:
Exhibit:

Actualtests.com - The Power of Knowing

None of the above Answer: A Explanation: To ensure that the server communicates with systems on all segments of the IPV6 network. None of the above Answer: A Explanation: The original prefix length for the globe address prefix 3FFE:FFFF:0:C000:: is 51.The Power of Knowing . 54 E. s = 3 QUESTION 7: Certkiller Company has IPV6 network.070-642 Certkiller company network consists of Windows 2008 server computers and Windows Vista client computers. The IPV6 network has 25 segments. What would be the original prefix length for the global address prefix 3FFE:FFFF:0:C000:: ? A. Configure the IPV6 address as fd00::2b0:d0ff:fee9:4143/8 B. The eight Ipv6 subnetted address prefixes are the result of 3 bit subnetting of the global address prefix 3FFE:FFFF:0:C000::/51. Configure the IPV6 address as 0000::2b0: d0ff:fee9:4143/64 E.netcraftsmen. Configure the IPV6 address as ff80::2b0: d0ff:fee9:4143/64 D. Please refer to the exhibit. To perform 3-bit subnetting of the global address prefix 3FFE:FFFF:0:C000::/51 we use the following calculations: Hexadecimal value of the subnet ID being subnetted. What should you do to ensure that the server could communicate with systems on all segments of the IPV6 network? A. 51 B. you need to configure the IPV6 address as fd00::2b0:d0ff:fee9:4143 /8 because this address is the local unicast address type and is not routed on the Internet. Reference: IPv6 Unicast Address Information http://www. F = oxC000 Subnetting bits. You deployed a new Windows 2008 server on the IPV6 network.net/welcher/papers/ipv6part02.html Actualtests. You have the following eight Internet Protocol version 6 (Ipv6) sub netted address prefixes. Configure the IPV6 address as fe80::2b0: d0ff:fee9:4143/64 C. It is generally filtered inbound. 52 C.com . 53 D.

10. 192.0.255.0 and use 0-127 as their first octet 2. We have deducted 6 bits from the total of 32 bits.10. Class A networks has a default subnet mask of 255. To configure 50 hosts. Run the IPv6. Windows 2000 Professional.100.0/30 C.10.The Power of Knowing . The corporate network of the company consists of servers that run Windows Server 2008 and client computers that run Windows XP Service Pack 2 (SP2). To calculate the number of host bits.10. use the formula: 2^n-2 where n=32 bits.10. Actualtests.100.0.0.10. Class C networks has a default subnet mask of 255.100/26 will be able to accommodate 50 hosts per subnet. Windows Server 2008 is implemented on the servers. 192. Which of the following options would you choose to ensure that all client computers can use the IPv6 protocol? A.com. QUESTION 9: You are an enterprise administrator for Certkiller . Class B networks has a default subnet mask of 255.0/29 D. The formula to calculate the hosts per subnet is: 32-26= 6 2^6-2= 62 So according to this calculation.100.0 and it can use 128-191 as their first octet 3. Network address is calculated as follows: 1.070-642 QUESTION 8: You are an administrator at Certkiller . In this scenario.com .255.100. The company has decided to use IPv6 protocol on its network./31 E. Certkiller .exe tool on all the client computers. 192. The initial network has 20 computers. Upgrade the Windows 2000 Professional computers to Windows XP SP2.0/57.100.100/26 network address which has maximum 62 hosts per subnet. network address 192.com has opened a new BRanch office at a new location.10. B.0/26 B. 50 computers have to be configured in a network. or Windows Vista. you should use 192. 192.255. You are asked to configure an appropriate IP addressing scheme in the network. you need 192.0. None of the above Answer: A Explanation To configure an appropriate IP addressing scheme in the network.0 and it can 192-223 as their first octet You need to configure the network address to accommodate at least 50 hosts per subnet. Which network address should you use to accomplish this task? A.

Configure dynamic NAT on the firewall. you need to upgrade the Windows 2000 Professional computers to Windows XP SP2. The older operating systems such as Windows 2000 professional does not support Ipv6 therefore this needs to be upgraded to either Windows XP or Windows Vista. D. Each BRanch office is protected by a firewall that performs symmetric NAT. The company consists of a head office and two BRanch offices.com . You can now get versions of Windows that fully support most aspects of IPv6 (namely Windows XP and Windows Server 2003) and you will soon be able to get versions of Windows that not only fully support IPv6 but also provide enhanced performance for IPv6 networking. B.070-642 C. Teredo in Windows Vista and Windows Server "Longhorn" will work if one of the peers is behind a symmetric NAT and the other is behind a cone or restricted NAT. The computers in the BRanch office locations use IPv4 and IPv6 protocols. IPv6 protocol is far superior to IPv4 protocol in terms of security. Configure the external interface of the firewall with a global IPv6 address. Answer: A Explanation: To allow peer-to-peer communication between all BRanch offices where each location is protected by a firewall that performs symmetric NAT. Answer: B Explanation: To ensure that all computers can use the IPv6 protocol.html QUESTION 10: You are an enterprise administrator for Certkiller . Configure the internal interface of the firewall with a link local IPv6 address. Upgrade all Windows 2000 Professional computers with Service Pack 4. Therefore. Which of the following options would you choose to allow peer-to-peer communication between all BRanch offices? A. Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs).The Power of Knowing . Install the Active Directory Client extension (DSClient. you need to configure the firewall to allow the use of Teredo. D.exe) on all the client computers. all the new operating systems started using IPv6 protocol. and quality of service (QoS).windowsnetworking.com/articles_tutorials/IPv6-Support-Microsoft-Windows.com. Reference: IPv6 Support in Microsoft Windows/ Windows 2000 http://www. Actualtests. The corporate network of Certkiller consists of a single Active Directory domain called Certkiller . Configure the use of Teredo in the firewall. complexity. C.

Windows XP with SP1 or later.com/windowsserver/en/liBRary/8478cc0b-1613-431b-8130529735d2945b1033.com.070-642 Reference: Teredo Overview http://technet. C. Windows Server 2008. On the command prompt type ping 172. D.mspx?m Reference: link-local address http://www.9/21.com . You find out that the DHCP server has stopped.45.com/en-us/liBRary/bb457011(TechNet. The settings on CKDHCP are configured correctly.16. On the command prompt type ping followed by the Link-local address of the server.9:::::. On the command prompt type ping ::9. Link-local addresses are network addresses which are intended only for use in a local data link layer network. you install and configure a member server named CKDHCP as a Dynamic Host Control Protocol (DHCP) server. You are an administrator at Certkiller . On the command prompt type ping followed by the Site-local address of the server.16. and Windows Server 2003 include an IPv6-enabled version of the Ping.40. The users at client computers complain that their machines are not receiving IP address from CKDHCP.microsoft. you need to type ping followed by the Link-local address of the server.40.168.18.com has servers that run Windows Server 2008. Which of the following command prompt options would you choose to test IPv6 communication to a server that has an IP address of 172. They say that their computers are getting IP addresses from 129. B.18/21? A.The Power of Knowing . To assign IPs dynamically to all client computers.x range.10). The corporate network of Certkiller consists of a Windows Server 2008 computer that is configured to use IPv6 addressing and has an IP address of 172. and not for routing beyond that network.aspx QUESTION 11: You are an enterprise administrator for Certkiller . What should you do to make sure that the CKDHCP server is not stopped and all client machines are obtaining IP addresses from CKDHCP server automatically? Actualtests.exe tool.x. Reference: Test an IPv6 configuration by using the ping command http://technet2.com/topic/link-local-address-1?cat=technology QUESTION 12: Certkiller . You configure all client computers to get their IP addresses automatically from CKDHCP.microsoft. Answer: A Explanation: To test IPv6 communication to a server.40.answers.172. Windows Vista. Link-local addresses are often used for network address autoconfiguration where no external source of network addressing information is available.16.

You have to authorize the DHCP server to ensure that the DHCP is able to assign IP addresses to client computers. In fact you should authorize the DHCP server as soon as you install it. Default gateway and DNS servers to the DHCP-enabled clients. Restart the CKDHCP server E. The server is automatically authorized when you add the server to the DHCP server for the first time. Configure a scope on CKDHCP server D. To ensure that the client machines receive their IP addresses and all related configuration.070-642 A.The Power of Knowing . QUESTION 13: Certkiller . What should you do to achieve that? A. As a network administrator of Certkiller . Install DHCP service on a server that is a member of Active Directory domain B.com. Install DHCP on a member server and then configure a scope on DHCP server to access domain controller E. you should authorize the DHCP server. But when you install the DHCP server on a computer that runs domain controller.com has servers on its network that run Windows Server 2008. The DHCP server dynamically allocates IP addresses and other related configurations to DHCP-enabled clients. A DHCP server that is not authorized in your enterprise will not be able to function properly and will be stopped. None of the above Answer: C Explanation The correct option is C. QUESTION 14: Actualtests. Authorize the DHCP server to assign IP addresses to client computers Answer: E Explanation To make sure that the CKDHCP server is not stopped. you should authorize the DHCP server to assign IP addresses to client computers. You need to ensure that you install the DHCP server and it is automatically authorized to enable client machines to obtain IP addresses from it. you should install the DHCP server on a domain controller. Install DHCP on a stand-alone server C. Install DHCP server on a domain controller D. The easy way to do this is to install DHCP server on a machine that is running domain controller. DHCP assigns IP addresses. you are directed to install DHCP server on the network that will assign IP addresses automatically to all client machines. the server is automatically authorized when you add the server to the DHCP console for the first time. Restart the DHCP service on CKDHCP server C. Reconfigure the CKDHCP server to assign IP addresses to all client machines using DNS settings B. It has a single Active Directory domain.com .

Thecombination of both M and O flags set to 0corresponds to a network without a DHCPv6 infrastructure.Servers with the IP addresses of new DNS servers D. Restart the Netlogon service on the new DNS servers B.The Power of Knowing . you need to set both Managed Address Configuration and Other Stateful Configuration flag to 0. Set both Managed Address Configuration to 0 and Other Stateful Configuration flag to 1 D. What should you do to ensure that users are able to log on to the domain? A.com/en-us/magazine/cc162485. Reconfigure the DHCP scope option 006 DNS . Reference: The Cable Guy the DHCPv6 Protocol http://technet. None of the above Answer: A Explanation: To ensure that neither IP address nor other configuration settings are automatically allocated to DHCP clients on a subnet that does not use DHCPv6 from Certkiller DHCP1. You installed a Dynamic Host Configuration Protocol (DHCP) server on a server named Certkiller DHCP1 running Windows Server 2008. How should you configure the Managed Address Configuration flag. and the other Stateful Configuration flag in the route advertisements? A. Set both Managed Address Configuration and Other Stateful Configuration flag to 0 B.com network is configured to use Internet Protocol version (Ipv6).com . All client computers use DHCP server to obtain IP addresses. the network users were not able to logon to domain.aspx QUESTION 15: Certkiller uses Windows Server 2008 on its network. You want to ensure that neither IP address nor other configuration settings are automatically allocated to DHCP clients on a subnet that does not use DHCPv6 from Certkiller DHCP1. None of the above Answer: C Explanation: Actualtests. However.070-642 Certkiller . Run ipconfig/registerdns at the command prompt of new DNS servers C. Configure the network settings for workstations to Disable NetBIOS over TCP/IP E. You have recently upgraded the hardware of Domain Name Service (DNS) servers in your network and added two new domain controllers to the domain.microsoft. Set both Managed Address Configuration and Other Stateful Configuration flag to 1 C. Set both Managed Address Configuration to 1 and Other Stateful Configuration flag to 0 E. after the upgrade of DNS servers.

98.html QUESTION 16: Exhibit: Computer/Server Mac Address IP Address CertKiller2 00-41-A3-6E-49-E2 169. you need to reconfigure the DHCP scope option 006 DNS .The Power of Knowing .070-642 To ensure that users are able to log on to the domain.intranetjournal.22 && DHCP.1. The server has DHCP Server role installed on it. Address == 0x00103A4D5423 && DHCP B.253. you need to use IPv4.98.Address == 169.109 CertKiller101 The corporate network of Certkiller .98. who was using computer named Certkiller 101 complained that he is unable to get an IP configuration from the DHCP server. Reference: A Guide to Network Monitor 3.253.1. Ethernet. you need to specify IPv4.0 on Certkiller 2.com .aspx Actualtests.Address == 169. Therefore you would use 169. To define a filter. IPv4. Which of the following filters would you use to build a filter in the Network application to capture the DHCP traffic between Certkiller 2 and Certkiller 101? A. you opened the Microsoft Network Monitor 3.Address == 192. None of the above Answer: B Explanation: To build a filter in the Network application to capture the DHCP traffic between Certkiller 2 and Certkiller 101.168. period. Address == 0x0041A36E49E2 && DHCP E.1.98. Reference: Using Dynamic Host Configuration Protocol /Setting DHCP Options http://www.22 that is DHCP related. In this question you need to find the traffic originating from 169. you can combine several conditions in a specific filter using the AND (&&) and OR (||) logical operators.Servers with the IP addresses of new DNS servers because this option allows you to define IP addresses for one or more DNS servers to be used by the DHCP clients.22 && DHCP.1 / Building a complex filter (or defining several conditions) http://blogs.microsoft.98.com consists of a Windows Server 2008 server called Certkiller 2.com/articles/200004/im_dhcpg. A network user.253.22 && DHCP C.il/blogs/erikr/archive/2007/08/29/A-Guide-to-Network-Monitor-3. To find out the problem.co.253.253. In order to fine tune a specific filter.168. SourceAddress then the equal mark (twice) and the IP address (source).22 00-10-3A-4D-54-23 192. IPv4. enabled the P-mode and decided to capture only the DHCP Server-related traffic between Certkiller 2 and Certkiller 101 The network interface configuration for the two computers is shown in the exhibit. Ethernet.109 && DHCP D.

so that the same reservation is available on the other DHCP server also.com/kbase/WindowsTips/Windows2003/AdminTips/Network/DHCPReservati o QUESTION 18: You are an enterprise administrator for Certkiller . The domain consists of four Windows Server 2008 servers on which DNS role is installed. Run the ipconfig /renew command on Certkiller PTC1. a second DHCP server is installed on the network. Which of the following options would you choose to ensure that Certkiller PTC1 receives the DHCP reservation from the DHCP service? A.The Power of Knowing . Configure the 005 Name Servers scope option on DHCP1. Add the DHCP reservation for Certkiller PTC1 to the second DHCP server.windowsnetworking. B. B. However. Recently. Which of the following options would you choose to accomplish this task? A. In the above scenario you need to simply add the DHCP reservation for Certkiller PTC1 to the second DHCP server also. Add both DHCP servers to the RAS and IAS Servers group in the Active Directory domain.zdnetindia. D.com. you ensure that a machine always receives the same IP address from the DHCP server.com/index. The domain also consists of a DHCP server called DHCP1 that is used to assign IP addresses to the client computers.php?action=articleDescription&prodid=18616 Reference: DHCP Reservations and Exclusions http://www. The corporate network of Certkiller consists of a single Active Directory domain called Certkiller . Run the netsh add helper command on Certkiller PTC1. The corporate network has a DHCP server installed that is used to configure the IP addresses of the client computers. C. Reference: Configure a DHCP server in Windows Server 2008 http://www. Actualtests.070-642 QUESTION 17: You are an enterprise administrator for Certkiller . Answer: C Explanation: A reservation is a specific IP addresses that is tied to a certain device through its MAC address. By adding a reservation.com . The DHCP server has a DHCP client reservation for a portable computer named Certkiller PTC1. you need to prevent DHCP1 from assigning the addresses of the DNS servers to DHCP clients. The corporate network of the company consists of a single Active Directory forest. Create a reservation for the DHCP1 server. Each server has a static IP address.

B.mdb temp. Answer: C Explanation: To prevent DHCP1 from assigning the addresses of the DNS servers to DHCP clients. Create a new scope for the DNS servers. from the properties of dhcp. Run jetpack. Reconcile the database from the DHCP snap-in.mdb file.exe dhcp.mdb from the folder that contains the DHCP database. from the properties of dhcp.com/en-us/liBRary/cc463365. which are connected through a WAN link.com . Enable the Compress contents to save disk space attribute of the dhcp.mdb temp. An exclusion is an address or range of addresses taken from a DHCP scope that the DHCP server is not allowed to hand out.microsoft.com/kbase/WindowsTips/Windows2003/AdminTips/Network/DHCPReservati o QUESTION 19: You are an enterprise administrator for Certkiller .mdb command.mdb is used as a temporary database during the compacting operation. D.windowsnetworking.aspx QUESTION 20: You are an enterprise administrator for Certkiller . (The file temp. D. Reference: Section B: Migrate scopes and settings to the Management Server Prepare your DHCP server environment and export your DHCP server configuration http://technet.mdb file. C. The company has a head office and a BRanch office. The corporate network of Certkiller consists of a DHCP server that runs Windows Server 2008.070-642 C. The corporate network uses a DHCP server to assign IPv4 addresses to computers Actualtests. Which of the following options would you choose to reduce the size of the DHCP database? A. you need to use jetpack dhcp. Configure an exclusion that contains the IP addresses of the four DNS servers. Answer: D Explanation: To reduce the size of the DHCP database.mdb file. Enable the File is ready for archiving attribute of the dhcp. the message: 'Jetpack completed successfully' appears.mdb file. you need to configure an exclusion that contains the IP addresses of the four DNS servers.The Power of Knowing . Reference: DHCP Reservations and Exclusions http://www. The corporate network of the company consists of a single Active Directory domain.) After the database is compacted. where all servers run Windows Server 2008.

microsoft. Answer: D Explanation: To ensure that the portable computers can connect to network resources at the head office and the BRanch office. The DHCP server contains Actualtests. When you are in the office. which is used to lease IP addresses to all the computers in the domain. and you do not want to use an automatic private Internet protocol (IP) addressing configuration. The BRanch office uses a different subnet. where one of those networks does not have a DHCP server. Similarly you can configure alternate configuration that contains a static IP address in the range used at the BRanch office to connect portable computers to the network resources at the main office and the BRanch office Reference: How to use the Alternate Configuration feature for multiple network connectivity in Windows XP http://support. D. This feature specifies that TCP/IP uses an alternative configuration if a DHCP server is not found. the computer uses a DHCP-allocated TCP/IP configuration. Configure the portable computers with an alternate configuration that contains a static IP address in the range used at the BRanch office. B.com . Which of the following options would you choose to configure the portable computers so that they can connect to network resources at the head office and the BRanch office? A.070-642 at the head office The BRanch office does not uses DHCP server and all computers in the BRanch office are configured with static IP addresses. When you are at home (where you do not have access to a DHCP server). The corporate network of the company consists of a single Active Directory domain. Configure the portable computers to use a static IPv4 address in the range used at the BRanch office. All the servers in the domain run Windows Server 2008. the computer automatically uses the alternative configuration. C.com/kb/283676 QUESTION 21: You are an enterprise administrator for Certkiller . The domain consists of a DHCP server named Certkiller Server1. You can use the Alternate Configuration functionality if you use a mobile computer at your office and at your home.The Power of Knowing . Alternate Configuration functionality can be used to establish multiple-network connectivity. The Alternate Configuration functionality is useful in situations where you use the computer on more than one network. Configure the address assigned by the DHCP server as a static IP address on the portable computers. Configure the portable computers with an alternate configuration that contains a static IP address in the range used at the head office. you should configure each portable computer using an alternate configuration that contains a static IP address in the range used at the BRanch office.

None of the above Actualtests.windowsnetworking.com . Create a multicast scope in Certkiller Server1. By adding a reservation. you ensure that a machine always receives the same IP address from the DHCP server. Which of the following options would you choose to ensure that the DHCP service starts on Certkiller DHCP1? A. Reference: Configure a DHCP server in Windows Server 2008 http://www. C.The Power of Knowing . Authorize Certkiller DHCP1in the Active Directory domain. C. Configure a scope on Certkiller DHCP1. E. E.php?action=articleDescription&prodid=18616 Reference: DHCP Reservations and Exclusions http://www. None of the above Answer: B Explanation: To ensure that Certkiller Server2 always receives the same IP address. Activate the scope on Certkiller DHCP1. when you attempted to start the DHCP service. Besides this an application server named Certkiller Server2 runs in the domain.com/kbase/WindowsTips/Windows2003/AdminTips/Network/DHCPReservati o QUESTION 22: You are an enterprise administrator for Certkiller . Assign a static IP address to Certkiller Server2. Create an exclusion range in the DHCP scope of Certkiller Server1. it did not start. However. A reservation is a specific IP addresses that is tied to a certain device through its MAC address. To configure the server as a DHCP server. Which of the following options would you choose to ensure that Certkiller Server2 always receives the same IP address? You also need to make sure that the Certkiller Server2 must always receive its DNS settings and its WINS settings from DHCP server. D.com/index. D. you need to create a DHCP reservation in the DHCP scope. Create a DHCP reservation in the DHCP scope of Certkiller Server1. Restart Certkiller DHCP1. Certkiller Server2 must receive its DNS settings and its WINS settings from DHCP. The domain consists of a member server called Certkiller DHCP1. The corporate network of the company consists of a single Active Directory domain that runs at the functional level of Windows Server 2003.070-642 only one scope. B. B. you installed the DHCP service on a server named Certkiller DHCP1. A.zdnetindia.

x. you checked the IP addresses of the computers in the branch office and found that they have IP addresses in the range of 169. Reference: Authorize a DHCP server in Active Directory http://technet2. you need to configure a DHCP relay agent on a member server in the branch office.com/mspress/books/sampchap/6371a.aspx Actualtests.070-642 Answer: B Explanation: To ensure that the DHCP service starts. On a member server in the branch office. On a member server in the head office. configure a DHCP relay agent.254. Which of the following options would you choose to ensure that branch office computers can connect to shared resources in both the head office and the branch office. E. which are on the other LAN.com/windowsserver/en/library/9f713d6c-d7e5-42a0-87f743dbf86a17301033.254. you need to authorize Certkiller DHCP1 in the Active Directory domain. None of the above Answer: D Explanation: To ensure that computers can connect to shared resources in both the head office and the branch office. A DHCP server can provide IP addresses to client computers on other LANs only if a DHCP relay agent is available.microsoft. The computers in the branch office have IP addresses in the range of 169. configure a DHCP relay agent.x.The Power of Knowing . This is because the DHCP server may be unavailable to the branch office computers. Include the head offices DHCP server address in the Broadcast Address DHCP server option B. Recently the branch office users have started complaining that they are unable to access shared resources in the head office. The company consists of a head office and a branch office. Reference: Chapter 5: Implementing the Dynamic Host Configuration Protocolcontinued / DHCP Servers Do Not Provide IP Addresses http://www. C.mspx?mf QUESTION 23: You are an enterprise administrator for Certkiller .microsoft. What should you do? A.com . All the servers in the domain run Windows Server 2008.x. D. To diagnose the problem.x because the client was not able to contact a DHCP server and obtain an IP address lease. Include the main offices server IP addresses in the Resource Location Servers DHCP server option. This procedure needed because you are running a DHCP server on a member server. The corporate network of the company consists of a single Active Directory domain.

0. What should you do to restore connectivity between the two networks? Actualtests.61.0.61. all routes configured through the route command are erased from the IP routing table.The Power of Knowing .0.0.1 D. All other options are invalid in this scenario.0.255.0. You are an administrator at Certkiller .33.0 is present in the routing table.255. The -p command is used to make a specific route persistent. All of the above Answer: A Explanation To add a route in the IP routing table. route -4 10.070-642 QUESTION 24: Certkiller .255.0 subnet mask: 255.0 10.61.33.0 subnet mask: 255.0. the users at the main office complain that they cannot access the BRanch office network.com.1 C. the next hop IP address for the route should be 10.0.255.0.0.33. route -p add 10.0.com . route add 10.0.0.0. you should use 10. The full command syntax for this specific task is route[-f] [-p] [Command[Destination] [maskNetmask] [Gateway] [metricMetric]] [ifInterface]] The -f parameter issues a command to the Windows to clear all gateway entries in the routing table.23.33.1 command.0.1. Using route print command you view the routing table and find out that an incorrect entry 10. Similarly if you use only -f.0.com has upgraded their servers from Windows Server 2003 to Windows Server 2008.255.0.0 subnet mask: 255.61. the route command instructs Windows to retain and keep the route in the IP routing table even if the server is rebooted.0 10.255.0. The destination server address is 10. You want to temporality connect the BRanch office network to the main corporate network. route add 10. However. The network at the BRanch office has to be connected to the main network.61.61.0 10. this route entry will be erased if the server is rebooted.0. If you use the -p parameter.0 255.0 with a subnet mask of 255. When the server is rebooted. If you use only the -p parameter along with this route commands. To achieve this. QUESTION 25: Certkiller .1 B.0.0 and a subnet mask of 255.33. Which command-line statement should you employ to achieve the task? A.0.33.0.33.0.0 along with the next hop address of 10.1.1 metric 45 E.255.0 10.0. You have succeeded in installing Windows Server 2008 on all servers and finished configuring necessary services.61.0 subnet mask: 255.255.0 subnet mask: 255. The command will not be executed because you haven't cleared the gateway entries in the IP routing table. you plan to add a route to the destination server which has an IP address of 10.com has upgraded its central office network to Windows Server 2008. Basically the route command is used to change or view the entries in the local routing table.0 10. In the IP routing table. You have connected the BRanch office network to the main network.

After deleting the entry. 10.0. QUESTION 26: Exhibit: Actualtests.255. The -p command is used to make a specific route persistent.0.0. Delete the wrong entry from the routing table by using route delete 10. Delete all entries in the routing table by using route -delete on each entry C.23. The full command syntax for this specific task is route[-f] [-p] [Command[Destination] [maskNetmask] [Gateway] [metricMetric]] [ifInterface]] The -f parameter issues a command to the Windows to clear all gateway entries in the routing table.0 255. Basically the route command is used to change or view the entries in the local routing table. When the server is rebooted. you can use the route -add command to add the correct entry. the route command instructs Windows to retain and keep the route in the IP routing table even if the server is rebooted.070-642 A.0 255.The Power of Knowing . None of the above Answer: C Explanation To restore the connectivity between the main office and the BRanch office network.0.com . all routes configured through the route command are erased from the IP routing table.0.0 in the routing table by using the route -p B.0 command D. Delete the incorrect entry from the routing table by using route *224* command E.23.255. Delete the wrong entry. you should first delete the wrong entry from the routing table using the route -delete 10.23. If you use the -p parameter.255.0.0 255.0.

10.0/22. /22 means that a subnet can have 1024 computers.108. Segment A: 129.109/22.192/23.108.10. Segment B: 129. None of the above Answer: B Explanation: To ensure that your solution must support all computers in each segment.10.108.0/192.128/26 C.10.108. Segment C: 129.0/24. and /24 means that a subnet can have 254 computers.10. Segment C: 129. Segment B: 129.109/25 B.108.108.10.224/24. Segment A: 129.10.108.10.070-642 Certkiller has decided to re-design its public network.128/22.10.10. The range would be 129. Reference: Subnetwork http://en. The network will employ an IPv4 addressing. Segment A: 129.10. Segment C: 129.com . /23 means that a subnet can have 512 computers. 512 computer can be configured for /24 subnet.108.0/24. Segment B: 129.0/23.10.108. Segment B: 129. Because there are two networks with /24 subnet. Segment D: 129.128/24 This is because 129.0/23. The network should be configured as per the exhibit shown below: Actualtests.108.10.wikipedia. Segment D: 129. Segment D: 129.224/25 D.108.10.10. Segment D: 129.108. Segment C: 129.0/22.0/26 E. You have to configure the subnets for each segment in the network.108.0/24.0/21 can have maximum 2048 computers.The Power of Knowing .108. it will use an Ipv4 range of 131.org/wiki/Subnetwork QUESTION 27: Certkiller is designing its public network.107.10. Which network addresses should you assign to achieve this task? A.108.108.108.108. Segment B: 129.0/22.40.10. You need to ensure that your solution must support all computers in each segment.10.128/23.10.0/23.10. The sum of above three gives the required number of computers in the subnet.108. you need to configure Segment A: 129. Segment D: 129.0/22.108. Segment A: 129.108.0/21.10. Segment C: 129.10. The network must be configured in segments as shown in the exhibit.108.

107.0/25 Segment D: 131.45.107.128/23 Segment B: 131.0/24 Segment C: 131.0/24 Segment C: 131.070-642 We need to configure subnets for the segments of the network.42. Segment B: 131.107.107.0/24 can have 254 computers covering 125 computers Segment C: 131.The Power of Knowing .40.107.45.0/23 Segment B: 131.107. Segment D: 131.107.40. None of the above Answer: A Explanation: To ensure that your solution must support all computers in each segment.43. In order to support computers in all segments which network addresses should you use? A.46.40.107.0/25 Segment D: 131.128/27 E.44.com .107.43.45.0/23.40.224/30 C.40.0/24 Segment C: 131.0/25 can have 192 covering 100 computers Segment D: 131.44. Segment A: 131.0/27 D.0/24.107.42.0/23 Segment B: 131.45.107.45.107. Segment A: 131.0/25 Segment B: 131.107.107. Segment C: 131. Segment B: 131.107.0/25.46.107.107.45.42. Segment A: 131.128/26 Segment C: 131.107.128/25 Segment D: 131.107.43.107. you need to configure Segment A: 131.107. Segment A: 131. Actualtests.45.128/27 B.107.128/27 can have 32 computers covering 15 nodes The sum of above subnets gives the required number of computers in the subnet.192/27 Segment D: 131.0/23 can have 512 computer covering 300 computers.107.40.128/27 Segment A: 131.43.107.

10) connects your segment to the Internet. However.1.129.64. Change the IP address to 192.1) assigned to it. Route add -p 10.php QUESTION 29: You are an enterprise administrator for Certkiller .128. The Private1 segment has a network address of 10. B.4.45.com . the server cannot communicate to the gateway (192. Which of the following commands would you choose to add a persistent route for the Private1 network to the routing table on Certkiller 1? A.wikipedia.1 Actualtests.0/26.0/26 10.128.46.192.128. which can have 254 hosts.255.cx/ip-subnetting-mask-effect.255.200.186. Change the subnet mask to a 24-bit mask.10 B.168.255. Subnet mask: 255. C.168. the server should have in the same subnet and therefore the subnet of the server needs to be changed to 24bit.4. D.128. To communicate with the gateway.128. Answer: D Explanation: To ensure that all users are able to connect to the server. and Default gateway: 192.64. the users of the server on remote subnets reported that they are unable to connect to the server. However.4.45. The corporate network of the company runs Windows Server 2008 servers. Change the subnet mask to a 27-bit mask.45.org/wiki/Subnetwork QUESTION 28: You are an enterprise administrator for Certkiller .255.The Power of Knowing . Which of the following changes you need to ensure all users are able to connect to the server? A.168.128.168. A computer named Certkiller 1 requires access to servers on the Private1 network.255.45. you need to change the subnet mask to a 24-bit mask. Change the IP address to 192.192 10. 255.firewall.0 mask 255. A router named R2 joins your subnet with a segment named Private1.070-642 Reference: Subnetwork http://en. Route add -p 10.255.168. A new server has been deployed in the domain with the IP address: 192. Reference: Subnet Masks & Their Effect http://www. The corporate network of Certkiller consists of a single Active Directory domain that is configured with IPv4 Ethernet network. the Certkiller 1 is unable to connect to the Private1 network by using the current configuration.64.192 assign to the server can have maximum 2 hosts and because the subnet comes in different network. A router named R1 (IP address 10. Because the subnet.

) A.128. The company consists of a head office and a BRanch office. Route add -p 10. You have recently installed a new Windows Server 2008 server in the BRanch office and configured it with two network interfaces.070-642 C. Run the netsh ras ip set access ALL command on the server at the BRanch office.128. Route add -p 10. Which of the following options would you choose to configure routing on the server at the BRanch office? (Choose two.255. Each correct answer presents part of the solution. D.128.128.4. C.64.10. Run the netsh interface ipv4 enable command on the server at the BRanch office. C Explanation: To configure routing on the server at the BRanch office.1 D.com/windowsserver2008/en/liBRary/62736172-aa83-43ba-a844f1c548f5a4ac1033.4.4.64. You cannot use Network shell (netsh) is a command because it only allows you to configure and display the status of various network communications server roles and components after they are installed on computers running WindowsServer2008 and does not allow you to configure routing.10 mask 255. This is because 10.0/22 10.msp Reference: Network Shell (Netsh) http://technet2.128. The corporate network of the company consists of a single Active Directory domain. B. Install the Routing and Remote Access role on the server at the BRanch office. Enable the IPv4 Router Routing and Remote Access option on the server at the BRanch office. Reference: What's New in Routing and Remote Access/ To install Routing and Remote Access / To configure and enable the Routing and Remote Access service http://technet2.ms Actualtests.255. you need to add command Route add -p 10.128.The Power of Knowing . QUESTION 30: You are an enterprise administrator for Certkiller . you need to first install the Routing and Remote Access role on the server and then enable the IPv4 Router Routing and Remote Access option on the server. Answer: A. The company's network uses IPv4 networking.192 10.10 is your IP gateway to the second subnet.0 Answer: A Explanation: To add a persistent route for the Private1 network to the routing table on Certkiller 1.0/26 10.0/26 is the IP subnet you desired to connect and 10.64.4.com/windowsserver2008/en/liBRary/8603ec40-4ca4-4158-b5dbdc22336141eb1033.microsoft. All the servers in the domain run Windows Server 2008.com .128.microsoft.128.4.

com forest contains six domains under it. All the five domains contain two DNS servers and each DNS server hosts Active Directory-integrated zones for all five domains. The Certkiller . Conditional forwarding is used to speed up name resolution in scenarios where companies resolve each other's namespace in a situation where companies collaborate or merge. Certkiller has recently merged with a company called TechBlasters that also consists of a single Active Directory forest having a single domain. C.com . B. Which of the following options would you choose to configure the DNS system in the Certkiller forest to provide name resolution for resources in both forests? A. Configure client computers in the Certkiller forest to use the TechBlasters DNS server as the alternate DNS server.The Power of Knowing . Enlist the directory partition for all DNS server by creating a new application directory partition in the Certkiller forest. All DNS servers in the forest run Windows Server 2008. Create a new conditional forwarder in the Active Directory and then replicate the new conditional forwarder to all DNS servers in the Certkiller forest. Reference: DNS Conditional Forwarding in Windows Server 2003 http://www. Answer: C Explanation: To configure the DNS system in the Certkiller forest to provide name resolution for resources in both forests. On one of the DNS servers in the Certkiller forest. You need to then replicate the new conditional forwarder to all DNS servers in the Certkiller forest.) Actualtests. The company consists of a single Active Directory forest that has five domains. All domain controllers on the corporate network run Windows Server 2008. Which of the following actions would you choose to ensure that all public DNS queries are channeled through a single-caching-only DNS server? (Select all that apply.windowsnetworking. create a new host (A) record and then configure the host (A) record by using the TechBlaster domain/forest details.com. The corporate network of Certkiller consists of a single Active Directory forest called Certkiller . you need to create a new conditional forwarder and store it in Active Directory.070-642 QUESTION 31: You are an enterprise administrator for Certkiller . D.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_20 0 QUESTION 32: You are an enterprise administrator for Certkiller .

Reference: Configure a caching-only DNS forwarder in Windows 2000 Server http://articles.com.0.com B.comon on Certkiller Server1? A.0. you can either configure a forwarder or configure root hints on the caching only DNS Server. ipconfig /registerdns:local. The network interface is configured with the static IP address as 10. dnscmd Certkiller Server1/ZoneAdd local. C. Certkiller .1 primary C. servers forward all queries that they cannot answer to another server. In some configurations.com/5100-10878_11-5819265. Configure a forwarder. a list of names and IP addresses) that enable them to query the DNS root servers.com/Primary /file local. Certkiller . caches the results. netsh interface ipv4 set dnsserver name=local. The server has the DNS server role installed on it. D.techrepublic. B. It receives queries from clients.The Power of Knowing . A caching-only DNS server reduces outgoing DNS traffic and speeds up name resolution. In other configurations. DNS servers include root hints (that is. Configure a GlobalNames host (A) record for the hostname of the caching DNS server.com static 10.0. C Explanation: To ensure that all public DNS queries are channeled through a single-caching-only DNS server. Which of the following options would you choose to create a DNS zone named local. Configure the root hints.com/DSPrimary D.ms QUESTION 33: You are an enterprise administrator for Certkiller .com/windowsserver2008/en/library/aeb2265d-8965-4b7e-bb28704c36be4d401033.com. Certkiller . Forwarding and root hints are both methods that DNS servers can use to resolve queries for which they are not authoritative. Certkiller . Certkiller . E.microsoft.0. dnscmd Certkiller Server1/ZoneAdd local. The corporate network of Certkiller consists of a Windows Server 2008 Core installation server called Certkiller Server1. Enable BINDsecondaries on a DNS Server. None of the above Answer: A.1. which are upstream DNS servers to which the local DNS server will forward queries (essentially acting as a DNS client). and returns those results to the client. The Certkiller Server1 consists of a single network interface that is named as Local Area Connection. You can set up a caching-only server by configuring the DNS service with one or more forwarders.070-642 A. Certkiller . performs the queries against other name servers.html Reference: Reviewing DNS Concepts http://technet2.dns Actualtests.com .

Uninstall the DNS service on Certkiller Server1 and then install it again. Certkiller .com/windowsserver/en/library/d652a163-279f-4047-b3e00c468a4d69f31033.The Power of Knowing . C.microsoft. Change all the DNS zones on Certkiller Server1 to stub zones. Reference: Install the DNS Server service Actualtests.com.com having a single Active Directory domain called ad.comon on Certkiller Server1.com/Primary /file local.mspx?m QUESTION 34: You are an enterprise administrator for Certkiller . Certkiller .com. B. Certkiller . Reference: Dnscmd Syntax http://technet2.com DNS zone domain from Certkiller Server1 and then restart the DNS service on the server. Certkiller . ZoneNamespecifies the name of the zone. you need to use dnscmd Certkiller Server1/ZoneAdd local. Delete the ad. Therefore this zone type is used here instead of /dsprimary which creates an Active Directory-integrated zone which is not required in this scenario. Certkiller . Uninstalling and reinstalling DNS service will remove all the previously configured data from Certkiller Server1. ZoneTypespecifies the type of zone to create.070-642 E. D. The syntax for the command is dnscmd [ServerName] /zoneadd ZoneName ZoneType [/dp FQDN|{/domain|/enterprise|/legacy}] Where ServerName specifies the DNS server.com.com . The Certkiller . Each type has different required parameters. None of the above Answer: D Explanation: To create a DNS zone named local. /primary /file FileNameCreates a standard primary zone and specifies the name of the file that will store the zone information. you need to uninstall and reinstall the DNS service on Certkiller Server1. The Server hosts multiple secondary zones including ad. Certkiller . Which of the following options would you choose to reconfigure Certkiller Server1 as a caching-only DNS server? A. The corporate network of Certkiller consists of a single Active Directory forest called Certkiller .dns command. Disable the DNS service on Certkiller Server1 and then enable it again. Answer: D Explanation: To reconfigure Certkiller Server1 as a caching-only DNS server.com runs a member server called Certkiller Server1 that has the DNS server role installed on it. Dnscmd/ ZoneAdd command adds a zone to the DNS server.

However. All the servers in the domain run Windows Server 2008. The corporate network of the company consists of a single Active Directory domain.com . The company has a head office and 15 branch offices. Create a network policy for VPN connections and configure the Day and time restrictions accordingly.1. D.0.com/downloads/details. Another server called Certkiller Server2 exists that runs a Server Core installation of Windows Server 2008.The Power of Knowing .aspx?FamilyID=729bba00-55ad-4199-b441378cc3d900a7&displa QUESTION 36: You are an enterprise administrator for Certkiller . The branch office computers use VPN connections to connect to the head office computers.com/windowsserver/en/liBRary/421cd57a-9fd4-42da-8d22067738f034ee1033. the NAP enforcement is delayed until the specified date and time. The network interface on all the computers is named LAN and all computers are configured to use only Certkiller server1 for DNS resolution. None of the above Answer: A Explanation: To ensure that users cannot access the VPN server remotely from 21:00 to 06:00. B. Which of the following options would you choose to ensure that users cannot access the VPN server remotely from 21:00 to 06:00? A. E.microsoft. Configure the Logon hours for all user objects by specifying only the VPN server on the Computer restrictions option. The corporate network of the company consists of a single Active Directory domain.168. where all servers run Windows Server 2008. which allow clients to temporarily access full network.mspx?m QUESTION 35: You are an enterprise administrator for Certkiller . C. you need to create a network policy for VPN connections and then modify the Day and time restrictions. The network policy provides a policy conditions called "Allow full network access for a limited time". Configure the Logon Hours for the default domain policy by enabling the Force logoff when logon hours expire option. Actualtests. The IP address of Certkiller Server1 is 192. The domain runs a Server called Certkiller server1 on which both DHCP Server role and the DNS Server role are configured. Create a network policy for VPN connections and apply an IP filter to deny access to the corporate network. Reference: Step By Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab / NAP enforcement and network restriction http://www.070-642 http://technet2.microsoft.

168.dirteam. B. You can view the identification flags when you use the command netsh interface ipv4 show interfaces. Run the netsh interface ipv4 add dnsserver "LAN" static 192.0. IPAddress is the static IPv4 Address you want to provide to your Network Connection to use as the DNS server.com . the Certkiller server1 has temporarily gone offline and a new DNS server called Certkiller Server3 has been configured to use the IP address 192.1 both command Certkiller Server2. You need not configure Server 2 because it is already configured and is currently offline. In the first command this IP Address represents the primary DNS server.0. the higher the DNS Server is added to the DNS Server list. Run the netsh interface ipv4 set dnsserver "LAN" static 192.168. Answer: A Explanation: To configure Certkiller Server2 to use Certkiller Server3 as the preferred DNS server and Certkiller Server1 as the alternate DNS server.254 index=1 command on Certkiller Server2.168.The Power of Knowing .0. For a secondary DNS server you can use index 2.070-642 However.0.168. due to some problem. Part 2 / Configuring DNS Servers http://blogs.168.com/blogs/sanderberkouwer/archive/2008/01/26/windows-server-core-ip-configurationpartActualtests. Reference: Windows Server Core IP Configuration.0. C.254 primary command and the netsh interface ipv4 set dnsserver "LAN" static 192.254 index=1 command. Which of the following options would you choose to configure Certkiller Server2 to use Certkiller Server3 as the preferred DNS server and Certkiller server1 as the alternate DNS server? A.168.254. Run the netsh interface ipv4 set dnsserver "LAN" static 192. For further DNS servers you can add IP addresses with higher index numbers.254 192. When you only have one Networking Interface Card (NIC) the IDx of this card will be Local Area Connection. ListNumber is the position in the DNS server list where you want to add the DNS Server address.0. In the second command this IP Address represents the secondary DNS server. In the above scenario Index=1 represents that the DNS Server added is the primary DNS Server. The actual command is: netsh interface ipv4 add dnsserver [name=]"IDx" [address=]IPAdress [index=]ListNumber Where: IDx is the Identification of the Networking Interface for which you want to change the address.254 primary command and the netsh interface ipv4 add dnsserver "LAN" static 192. Run the netsh interface ipv4 set dnsserver "LAN" static 192.1 index=1 command Certkiller Server2.168.168. you need to run the netsh interface ipv4 add dnsserver "LAN" static 192. The lower the number.168.1 both command Certkiller Server2.0.0.0. D.

com. Certkiller .com . Certkiller . Certkiller . The domain controller is called CK1 . Switch the DNS ad. On a single domain. All of the above Answer: C Explanation To ensure that the DNS service on CK2 update records and answer queries in case of WAN link failure. Execute the dnscmd/zoneexport command B. you install CK2 (new domain controller) in the BRanch office and configure a DNS on it. By doing this the DNS will update the records and answer queries using the Active Directory infrastructure. Execute the ipconfig/registerdns command Actualtests. this DNS server is included in the DNS zone of ad. Certkiller .com zone on DC1 in main office to an Active Directory-integrated zone. Set the DNS server on CK2 to forward all requests to CK1 in the main office C. QUESTION 38: Certkiller .com on CK2 B.The Power of Knowing . Certkiller has an Active Directory Forest named ad. Configuring a standard secondary DNS zone on CK2 is out of the context in this scenario because a secondary DNS zone will not help the DNS service to update records and answer queries.com has a DNS server with 20 Active Directory-integrated zones. The BRanch office is connected to the main office through WAN link. Certkiller .com.com zone on DC1 in main office to an Active Directory-integrated zone D. you should switch the DNS named ad.com on CK2 is of no use in this scenario because a stub zone needs WAN link to communicate. Since you need a new domain controller in the BRanch office. This domain has one domain controller that is located at the main office. Certkiller has a main office and one BRanch office. What should you do to ensure that the zone files copies of the DNS server are readily available to the auditor? A. FaBRicate a standard secondary DNS zone on CK2 E. Execute the ntdsutil Parition Management List commands C. Certkiller . What would you do to ensure that the DNS service on CK2 update records and answer the queries in case there is a WAN link failure? A. Execute the dnscmd/zoneinfo command D. Configured as a standard primary zone.070-642 QUESTION 37: You are an administrator at Certkiller . Setting the DNS on CK2 to forward requests to CK1 is also not an option in this scenario because CK1 is configured as standard primary zone. Configuring a new stub zone of ad. Configure a new stub zone of ad. There is an audit going on in the company and one of the auditors has asked you to provide DNS zone records. CK1 is also a DNS server.com.

Reconfigure the Certkiller 1 DNS server and connect it to the domain D. Delete the DNS cache on Certkiller 2 server C.(root) zone from the Certkiller 2 DNS server. ipconfig is used to view the IP addresses. To enable DNS forwarding. the DNS server sends requests to the forwarders and then tries resolution by using root servers. The .(root) zone on Certkiller 2 server. Configure the Certkiller 1 server so it has a .com . There are two DNS servers in the network named Certkiller 1 and Certkiller 2 The DNS servers are configured as shown in the exhibit.The Power of Knowing . None of the above Answer: A Explanation To ensure that the zone file copies of the DNS server are available to the auditor.(root) zone on Certkiller 2 server E. You cannot use dnscmd/zoneinfo command because this command will display the zone info and will not export the zone files to a folder. you should use the command dnscmd/zoneexport. What should you do to enable Internet name resolution for all client machines? A. Update the . None of the above Answer: E Explanation In this scenario. Windows Server 2008 follows specific steps for host name resolution. The server checks its zone records after querying its cache. It is also used to view DNS servers. gateway addresses and other configurations. After that.(root) zone B. Delete the . you should delete the . You cannot use ntdsutil Partition management List commands because these commands are used to view and manage partitions. This disables the DNS forwarding option and the DNS cannot act as a forwarder. QUESTION 39: Exhibit: Certkiller . F. The Certkiller 2 server contains root zone by default. This command will export zone file copies and the auditors can view those. Actualtests.(root) zone is creating a problem. You cannot use ipconfig/registerdns command because this command is used to register the dns server and view the DNS servers. The problem is that the domain users who have Certkiller 2 as their preferred server are unable to connect to the Internet.com has Active Directory domain.070-642 E.

This is because a single zone becomes overburdened and consumes valuable bandwidth to serve the queries and responses of the client computers at the BRanch office. you need to install DNS servers in each of the BRanch offices so that separate DNS zones can be created for each BRanch office.com . C. you can manage name resolution for Actualtests. B. Each correct answer will form a part of the answer. Configure each the BRanch office with a standard primary zone. The BRanch office users often complain that it takes them a long time to connect to the network resources and access them. You can use dnscmd/zonedelete parameter and specify the name of the DNS zone that you want to delete. Forwarders cannot be configured in the BRanch office because they do not contain any DNS servers.) A. The domain controller in the head office has a Windows Server 2008 server running with a DNS role installed on it.The Power of Knowing . This DNS server provides DNS services to all the offices of the company. and a secondary zone for another portion. this replication is called a zone transfer. Answer: C. you should distribute copies of a zone file among several name servers. One file is designated the primary zone. Install forwarders in the BRanch office and configure them to point to the DNS server in the main office. The company has a head office and three BRanch offices. To resolve the problem. Configure a secondary zone in each BRanch office and ensure that it uses the main office DNS server as a master. Which of the following two actions would you perform to ensure that users in the BRanch offices are able to access network resources as quickly as possible? (Select two. You need to then configure a secondary zone in each of the BRanch offices that uses the main office DNS server as a master. and the changes replicate to the secondary zones. D Explanation: To ensure that users in the BRanch offices are able to access network resources as quickly as possible. For the quick access of network resources. QUESTION 40: You are an enterprise administrator for Certkiller . Administrators make changes to the primary zone.exe command-line utility. D. and the others are secondary zones. A name server is not necessarily "primary" or "secondary": it might hold the primary zone for one portion of the organization's name space. Install DNS servers in each of the BRanch offices. By using a forwarder. you tried to test the WAN connectivity and the bandwidth but did not find any problem with them.070-642 you have to delete the root zone. To delete the root zone you can either use the DNS snap-in or the dnscmd. Besides this each BRanch office consists of a file server that runs Windows Server 2008. The corporate network of the company consists of a single Active Directory domain.

Configure an application directory partition in the TechBlaster forest to enlist all DNS servers in the TechBlaster forest in the partition.com to replicate to all DNS servers in the forest. A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone.com/windowsserver/en/liBRary/a3cf0184-0594-4e78-8247609f038434381033.com. Configure the Zone Replication Scope for TechBlaster. Reference: Getting Started With Microsoft DNS Server Primary and Secondary Zones http://www. especially in a split namespace scenario.mspx?m QUESTION 41: You are an enterprise administrator for Certkiller . Answer: A Explanation: To ensure name resolution for users in Certkiller .com forest in the partition. Due to some network changes.mspx?mfr=true Reference: Understanding forwarders http://technet2. The domain contains an Integrated Active Directory DNS zone The partner company of Certkiller called TechBlaster also consists of a domain called techblasters.The Power of Knowing .com.microsoft. D.com . create a stub zone for TechBlaster.com. Configure an application directory partition in the Certkiller .com/articles_tutorials/DNS_Stub_Zones. you need to create a stub zone for partner. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces Reference: DNS Stub Zones in Windows Server 2003 http://www.com? A.com to the resources in techblasters. the IP addresses of the DNS servers in the techblasters.com/technet/archive/winntas/plan/dns0197. Which of the following options would you choose to ensure the name resolution for users in Certkiller .com.html Actualtests.com Stub zones are a new feature of DNS in Windows Server 2003 that can be used to streamline name resolution.com need to be changed. A stub zone is used to resolve names between separate DNS namespaces.com to access resources in partner.070-642 names outside of your network.com. The Certkiller . B.com domain also consists of an Integrated Active Directory DNS zone.microsoft.com forest to enlist all DNS servers in the Certkiller . The corporate network of Certkiller consists of a single domain called Certkiller . C. such as names on the Internet and not the names on the internal network.com on each DNS server in contoso.windowsnetworking. On each DNS server in Certkiller .

D. Reference: dnscmd /zoneupdatefromds http://technet2.070-642 QUESTION 42: You are an enterprise administrator for Certkiller . However. Each branch office has a DNS Server running that hosts a secondary zone for the domain. the branch office has Read-Only Domain Controllers (RODC). The corporate network of the company consists of a single Active Directory domain.The Power of Knowing . C. you realized that the zone transfer fails. B. Run the dnscmd /ZoneUpdateFromDs command on the branch office servers. Besides. None of the above. the Active Directory-integrated DNS zones are configured on the domain controllers of both the offices and all the client computers are configured to use the local domain controllers for DNS resolution.msp QUESTION 43: You are an enterprise administrator for Certkiller . Which of the following options would choose to configure DNS to provide zone data Actualtests. The company has recently opened a new branch office and added a new member server called Certkiller Server4 in it. Both offices have the domain controllers running in them. you need to run the dnscmd /ZoneUpdateFromDs command on the branch office servers. Run the dnscmd /ZoneUpdateFromDs command on a domain controller in the head office. You installed the DNS service on it and configured a secondary zone on that server for the domain. E. However. after all these installations on Certkiller Server3.microsoft. Which of the following options would you choose to reflect the change immediately at the branch office DNS servers.com/windowsserver2008/en/library/e7f31cb5-a426-4e25-b71488712b8defd51033. All the branch office DNS servers use the DNS servers located in the head office as their DNS Master servers for the zone. The company consists of a head office and a branch office. All the servers in the domain run Windows Server 2008. The Domain controllers in the head office host an Active Directory-integrated zone. The company has a head office and three branch offices. On the Start of Authority (SOA) record for the zone.com . decrease the Minimum (default) TTL option to 15 minutes. Use the standard domain controllers at the branch offices instead of using RODCs. if you change the IP address of an existing server in the head office? A. This command updates the specified ActiveDirectory-integrated zone from ADDS. Answer: B Explanation: To reflect the change immediately.

Certkiller .techblasters.com domain.adobepress.com/9780596514112/active_directory-integrated_zones Reference: Enabling Zone Transfers from another DNS server http://www. Configure the Primary DNS Suffix Devolution option to False. C. To enable zone transfers for a single zone.The Power of Knowing . The corporate network of Certkiller consists of an Active Directory domain named ad. Active Directory-Integrated Zones http://safari. Certkiller .com domain and the ad. ad. Certkiller . Add the new DNS server to the DNSUpdateProxy Global security group in Active Directory Users and Computers. B.070-642 to the DNS server in the new branch office? A.com.com domain? A.com domain to access resources in the ad. select the "Zone Transfers" tab.techblasters. Answer: A Explanation: To configure DNS to provide zone data to the DNS server in the new branch office. ad. which also had an Active Directory domain named ad. A two-way forest trust is established between the ad.techblasters.com. Then in the DNS Records window. Certkiller has recently acquired a company called TechBlasters. Use Zone Transfers tab on one of the DNS servers in the main office and add the new DNS server to it. You can use any DNS servers in the main office because main office hosts an Active Directory-integrated zone and effectively.simpledns.com/kb.techblasters. Run dnscmd /ZoneResetSecondaries command.com .aspx?kbid=1156 QUESTION 44: You are an enterprise administrator for Certkiller . and specify which IP addresses are allowed to zone transfer: Reference: 4. Which of the following options would you choose to edit the ad. you need to click the "Records" button in the main window. Certkiller .com. D. Certkiller . all nameservers using Active Directory-integrated zones are primary nameservers. None of the above. Certkiller .com.com domain Group Policy object (GPO) so that you may be able to enable users in the ad. The domain controllers of TechBlasters also run Windows Server 2008. Configure the DNS Suffix Search List option to ad.techblasters. Run dnscmd /ZoneResetMasters command. you need to add the new DNS server to the Zone Transfers tab on one of the DNS servers in the main office. B. Configure the Primary DNS Suffix option to ad. E. Actualtests.8. In the "Zone Properties" dialog. All domain controllers in the domain run Windows Server 2008 and all client computers run Windows Vista. right-click on the zone that you wish the enabled zone transfers for and select "Properties" from the popup menu.com.com.

The corporate network of Certkiller consists of a single Active Directory domain called ad. Certkiller . DNS Suffix Search List needs to be configured where disjoint namespaces exist.techblasters. Deselect the Notify feature for the Certkiller . Configure the Primary DNS Suffix Devolution option to True. B.Read permission. Configure the Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries option to True.microsoft.com zone. D.com and a public namespace called Certkiller . disable the Allow . When you make the transition to a disjoint namespace. Answer: B Explanation: To enable users in the ad.com.aspx Reference: Create a Disjoint Namespace / Update the DNS suffix search list http://technet2.com/en-us/liBRary/bb676377(EXCHG.com. Which of the following options would you choose to ensure that the public DNS zone records cannot be copied without impacting the functionality of public DNS name resolutions? A.com domain to access resources in the ad. C. Certkiller .com exist.com. Certkiller . Enable the All domain controllers in the domain zone replication option on ad.techblasters.com and ad. In the Everyone group on the Certkiller . ad.techblasters. Reference: Understanding Disjoint Namespace Scenarios with Exchange 2007 http://technet. Certkiller . you need to configure the DNS Suffix Search List option to ad. Certkiller .techblasters. Certkiller .com DNS domain. As in this case the two namespaces.070-642 C. A disjoint namespace scenario is one in which the primary DNS suffix of a computer does not match the DNS domain name where that computer resides.com.The Power of Knowing .msp QUESTION 45: You are an enterprise administrator for Certkiller . ad. A merger or acquisition may cause you to have a topology with a disjoint namespace.80).com .microsoft.com. Configure the Primary DNS Suffix option to ad. E. Enable the Allow zone transfers only to servers listed on the Name Servers option on Certkiller . you need to create customized DNS suffix search lists to ensure that clients can locate services and other computers when they perform single-label name queries. None of the above. D.com/windowsserver2008/en/liBRary/afe94bc3-41fb-4817-84b55517c38a0d391033. Answer: B Explanation: Actualtests.com .com. ad.com domain.

This is because it contains entry that includes the name of the machine on which this file was created.com? A. Client computers outside the company domain are unable to send e-mail messages to the company's domain. B. The domain runs a Windows Server 2008 domain controller on which DNS role is configured.google. where all servers run Windows Server 2008.com. C. followed by the name of the responsible person in "dotted email address" form. D. Which of the following domain controller record would you modify/create to ensure that inquiries about Certkiller . and an e-mail server named Certkiller Server2. The Signature (SIG) record.htmlgoodies. Reference: An Introduction to DNS http://www.com/0735613540/IDAFMSU QUESTION 47: You are an enterprise administrator for Certkiller . The corporate network of Certkiller consists of a single Active Directory domain. The domain consists of a public DNS server named Certkiller Server1. The Start of Authority (SOA) record.com . Replace the first dot with an @ sign that allows you to ensure that inquiries of a domain are sent to the specified responsible person of the domain on the email address specified. To find out the problem you verified the availability of host (A) DNS record for Certkiller Server2 to external client computers and found it Actualtests.com are sent to dnsadmin@ Certkiller . The DNS domain is named as Certkiller .com. E. Reference: DNS Zones http://books.php/3473261 Reference: Updating Zone Properties and the SOA Record http://safari. you need to configure the Allow zone transfers only to servers listed on the Name Servers option on contoso.070-642 To ensure that public DNS zone records cannot be copied without impacting the functionality of public DNS name resolutions.com.in/books?id=pL89TOMFcHsC&pg=RA1-PA244&lpg=RA1-PA244&dq=Allow+zone+tr QUESTION 46: You are an enterprise administrator for Certkiller . The corporate network of the company consists of a single Active Directory domain called Certkiller . None of the above Answer: C Explanation: To ensure that inquiries about Certkiller . This setting allows you to restrict zone transfers only to DNS servers listed in the Name Servers resource option on contoso. you need to modify the Start of Authority (SOA) record on the domain controller.com. The Service Locator (SRV) record.co.awprofessional.comare sent to dnsadmin@contoso.The Power of Knowing . The Name Server (NS) record.com/beyond/webmaster/article.com.

They are used to locate the receiving mail servers for a given host. which is required for its configuration. On the Start of Authority (SOA) record of Certkiller . E.The Power of Knowing .com. and the Port Number to 25. called Certkiller Server1 and Certkiller Server2 on which DNS server role is installed. add a Mailbox (MB) record and set the Mailbox Host setting to Certkiller Server2.com/support/kb/email_mail_exchangers_and_dns. The destination mail server record must be a host (A) record.com . C. and DNS http://www. you need to add a Mail Exchanger (MX) record for Server2. For Certkiller Server2.070-642 ok. For Certkiller Server2.com DNS zone to ensure that Certkiller Server2 can receive e-mail messages from external client computers? A. Besides this. B. You can configure Mail Exchanger (MX) record for Server2 also because host (A) DNS record for Server2 is available to external client computers.com increase the Retry Interval Actualtests. D. It requires Mail Exchanger field that defines the destination host record for your mail server. add a Service Location (SRV) record and set the Service field to _smtp and the Protocol field to _tcp. Mail Exchangers. B. Sometimes the non-RFC-compliant servers fails to deliver email for domains that lack MX records.com Decrease the Time-to-Live (TTL) to 15 minutes. On the Start of Authority (SOA) record of Certkiller . Add a Canonical (CNAME) record that maps Certkiller Server2 to Certkiller . All the servers in the domain run Windows Server 2008.dyndns. MX records control how e-mail is delivered. not a CNAME or IP address Reference: E-mail. Which of the following options would you choose to configure the Certkiller . another server called Certkiller Server3 is configured to forward all DNS requests to Certkiller Server2. Which of the following options would you choose to ensure that Certkiller Server3 is able to immediately resolve the updated DNS record if you update a DNS record on Certkiller Server2? A. The corporate network of the company consists of a single Active Directory domain. add a Mail Exchanger (MX) record. and the order of priority of these mail servers. including certain versions of Microsoft Exchange. Answer: A Explanation: To ensure that Server2 can receive e-mail messages from external client computers.html QUESTION 48: You are an enterprise administrator for Certkiller . None of the above. For Certkiller Server2. The domain runs two members servers.

070-642
value to 15 minutes.
C. Run the ipconfig /flushdns command on Certkiller Server3.
D. Run the dnscmd /clearcache command on Certkiller Server3.
E. None of the above
Answer: D
Explanation:
To ensure that Certkiller Server3 is able to immediately resolve the updated DNS record,
you need to run the dnscmd . /clearcache command on Certkiller Server3.
This is because both the DNS server and the local DNS resolver cache any records they
receive for a period of time determined by a TTL setting in the record. The SOA for the
zone determines the default TTL, which is one hour for Windows DNS servers. To
ensure that server immediately finds the updated record, you need to use the Clear Cache
option in the server's property menu in the DNS console or use the Dnscmd utility with
the syntax dnscmd /clearcache, so that less records needs to be searched.
Reference: dnscmd . /clearcache
http://technet2.microsoft.com/windowsserver2008/en/library/e7f31cb5-a426-4e25-b71488712b8defd51033.msp
Reference: 10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?editorialsid=413
QUESTION 49:
You are an enterprise administrator for Certkiller . The corporate network of the
company consists of a single Active Directory forest that has five domains
configured in it. All the servers in the domain run Windows Server 2008 and all
domain controllers are also configured as DNS servers.
Which of the following options would you choose to ensure that users from all the
domains are able to access a Web server named WebApp by BRowsing to http:
//WebApp?
A. Configure the WebApp Web server to enable DFS-R on it.
B. Create a GlobalNames zone on a DNS server and then replicate the GlobalNames zone
to all domain controllers in the forest then create a host (A) record for the WebApp Web
server in the zone.
C. Create a LegacyWINS zone on a DNS server and then replicate the GlobalNames zone
to all domain controllers in the forest then create a host (A) record for the WebApp Web
server in the zone.
D. Create a host (AAAA) record for the WebApp Web server in the DNS zone for the
forest root domain.
E. All of the above
Answer: B
Explanation:
Actualtests.com - The Power of Knowing

070-642
To ensure that users from all domains are able to access a Web server named WebApp by
BRowsing to http: // WebApp, you need to create a zone named GlobalNames on a DNS
server, replicate the GlobalNames zone to all domain controllers in the forest, and then
create a host (A) record for the WebApp Web server in the zone.
GlobalNames Zone (also known as GNZ) is designed to enable the resolution of the
single-label, static, global names for servers using DNS. GNZ is intended to aid the
retirement of WINS, and it's not a replacement for WINS. GNZ is not intended to support
the single-label name resolution of records that are dynamically registered in WINS,
records which typically are not managed by IT administrators.
Reference: Understanding GlobalNames Zone in Windows Server 2008
http://www.petri.co.il/windows-DNS-globalnames-zone.htm
QUESTION 50:
You are an enterprise administrator for Certkiller . The company has a head office
and three BRanch offices. The Domain controllers in the head office host an Active
Directory-integrated zone.
Each BRanch office has an application server and a DNS Server running. The DNS
server hosts a secondary zone for the domain. All the BRanch office DNS servers use
the DNS servers located in the head office as their DNS Master servers for the zone.
All the BRanch office users access their local application server by using its fully
qualified domain name. Which of the following options would you choose to ensure
that users in the BRanch offices can access their local application server even if the
WAN links are down for three days?
A. On the Start of Authority (SOA) record for the zone, increase the Refresh Interval
setting to 4 days.
B. Enable Scavenge Stale resource records in the Zone Aging / Scavenging Properties
dialog box and set the Refresh setting to 4 days.
C. Enable Scavenge Stale resource records in the Zone Aging / Scavenging Properties
dialog box and set the No-refresh interval setting to 4 days.
D. On the Start of Authority (SOA) record for the zone, increase the Expires After setting
to 4 days.
E. None of the above
Answer: D
Explanation:
To ensure that users in the BRanch offices can access their local application server even if
the WAN links are down for three days, you need to increase the Expires After setting to
4 days on the Start of Authority (SOA) record for the zone. The Start of Authority (SOA)
tab is the location on the Zone Properties dialog box where you can configure options or
settings that are specific for the SOA resource record for the zone.
The Expires After field has a default setting of 24 hours. The value of this field
determines the time duration after which a secondary DNS server that has no contact with
its configured master server discards zone data. You can change this setting according to
Actualtests.com - The Power of Knowing

070-642
your requirements. In this case you can change it to 4 days so that DNS server that has no
contact with its configured master server does not discard zone data till 4 days so that
users in the BRanch offices can access their local application server.
The Zone Aging / Scavenging Properties need not be configured because they perform
cleanup and removal of stale resource records (RRs), which can accumulate in zone data
over time. With dynamic update, RRs are automatically added to zones when computers
start on the network. However, in some cases, they are not automatically removed when
computers leave the network. Thus they contain stale entries which may lead to wrong
information.
Reference: Installing and Configuring DNS / Configuring DNS Zone Properties
http://www.tech-faq.com/installing-and-configuring-dns.shtml
QUESTION 51:
You are an enterprise administrator for Certkiller . The corporate network of
Certkiller consists of a single Active Directory forest called Certkiller .com. The
Certkiller forest consists of two domains called na. Certkiller .com and
sa. Certkiller .com for its North and South zone offices.
All the server in the domain run Windows Server 2008 and client computers run
Windows Vista. Which of the following options would you choose to configure the
client computers in the North zone office to improve the name resolution response
time for resources in the South zone office?
A. Create and configure a GPO with the Local-Link Multicast Name Resolution feature
enabled and apply the policy to all the client computers in the North zone office.
B. Create and configure a GPO with the Local-Link Multicast Name Resolution feature
disabled and apply the policy to all the client computers in the North zone office.
C. Create and configure a GPO with DNS Suffix Search List option to sa. Certkiller .com,
na. Certkiller .com and apply the policy to all the client computers in the North zone
office.
D. Configure the priority value for the SRV records on each of the North zone domain
controllers to 5.
Answer: C
Explanation:
To configure the client computers in the North zone office to improve the name
resolution response time for resources in the South zone office you need to configure a
new GPO that configures the DNS Suffix Search List option to sa. Certkiller .com,
na. Certkiller .com. Apply the policy to all the client computers in the North zone office.
A customized DNS suffix search lists to ensures that clients can locate services and other
computers when they perform single-label name queries.
Link-Local Multicast Name Resolution cannot be used because it allows IPv6 hosts on a
single subnet without a DNS server to resolve each other names. Therefore it need not be
used here. DNS SRV records cannot be used because they are the service records, which
are a type of DNS entry that specify information on a service available in a domain. They
Actualtests.com - The Power of Knowing

070-642
are typically used by clients who want to know the location of a service within a domain.
When multiple hosts are configured for the same service, the priority determines which
host is tried first.
Reference: Create a Disjoint Namespace / Update the DNS suffix search list
http://technet2.microsoft.com/windowsserver2008/en/liBRary/afe94bc3-41fb-4817-84b55517c38a0d391033.msp
Reference: Introducing MS Windows Vista/ Learning about Dual Stack and IP
Management Enhancements
http://download.microsoft.com/download/5/7/8/578cbb95-c42e-4b9f-998993ffdeae8af4/Introducing_Windows_
Reference: Understanding DNS SRV records and SIP
http://blog.lithiumblue.com/2007/07/understanding-dns-srv-records-and-sip.html
QUESTION 52:
You install a Windows Server 2008 with routing and remote access on a server at
Certkiller .com. You configure the server to act as a corporate VPN (Virtual Private
Network) server. All the client computers at Certkiller .com have Windows XP
Professional, Windows 2000 professional or Windows Vista installed.
The remote users of Certkiller .com use this server to connect to the company's
network domain. Sensitive data is transmitted from the remote users through VPN
server. The company's security policy dictates that each user or computer should
use public key infrastructure (PKI) to connect to the domain for the transmission of
sensitive research data. You need to ensure that the VPN server meets those security
requirements. What should you do to secure the VPN connection?
A. Use the Kerberos version 5 authentication protocol to create a custom IPSec policy
B. Use the Pre-shared authentication by creating a policy for a highly secure data
transmission
C. Open the command line on the server and run secedit/refreshpolicy machine_policy
D. Implement L2TP/IPsec policy to create certificate-based authentication
E. None of the above
Answer: D
Explanation
The correct answer is option D. To secure the VPN connection, you don't have to create a
custom IPSec policy when there is a much easier way. Similarly, the option C is invalid
since it just refreshes the policy.
The L2TP/IPSec ensures that the data is transmitted securely by implementing the
Internet Protocol Security. The policy will create certificate-based authentication to
identify the users.
QUESTION 53:
Certkiller .com has 20 servers. As an administrator, you decide to add one more
server. You need to install Windows Server 2008 on the new server. You want to
Actualtests.com - The Power of Knowing

On the new server. Conjure up a remote access policy that enables users to authenticate by using Microsoft Challenge Handshake Authentication Protocol. execute the winrs -r <server core name> dir c:\Windows command D.vbs -ato script is used to activate windows remotely. version 2 (MS-CHAPv2) C. Which two actions should you perform to remotely connect to the installation server? (Choose two answers) A.The Power of Knowing . Certkiller has issued smart cards to all the employees in the domain group. Execute the netsh and set port status command on the Windows core installation server C. The server core name should be specified and then the location of the windows folder. It can be used after you install the windows Server 2008 on the new server remotely. What should you do to configure CKRA and your remote access policy to support the smart card service for dial-up connections? A. Execute Slmgr.com corporate network that has Windows Server 2008 installed as the main operating system. Use Shiva Password Authentication Protocol (SPAP) by creating a remote access policy that enables users to authenticate their connection through this protocol E.vbs -ato script on the Windows core installation server B. The other two options are not useable because the Server manager on the new server will not allow remote connection and the Slmgr. On the new server. you execute the windows remote service command and -r will specify the localhost or the NetBIOS name of the server. C Explanation: The answer is option B and C. Conjure up a remote access policy that enables users to authenticate their connection by using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) D. Install and configure Network Policy Server on CKRA B. Execute the Server Manager on the new server and connect it to the Windows core installation server Answer: B. CKRA provides routing and remote access to the members of the domain group. All of the above Answer: C Actualtests.070-642 remotely connect to a Windows Server 2008 core installation. The company policy allows domain group members to dial-in to CKR A. It is called CKRA. To increase the remote access security. The netsh command allows you to configure the Windows core installation server to accept the remote connection and 'set port status' command allows you to designate a port for the remote connection.com . QUESTION 54: There is a member server on the Certkiller .

you need to check the automatic updates option so you don't have to do the manual updates. QUESTION 56: As a network administrator for Certkiller . you have installed Windows 2008 Server on all the server computers of the company and Windows XP Professional Service Pack 2 and Windows Vista on all the client computers in the company. E. The company now wants all the computers to join the corporate network but wants to restrict non-compliant computers from communicating on the network. All of the above Answer: A Explanation In this scenario.The Power of Knowing . Install file-level anti-virus software on RRAS server and configure it to update automatically C. The computers must meet the system health requirements as stated in the corporate security policy. D. You need to configure a network health policy that requires anti-virus software to execute and check all the incoming files from the remote computer. What should you do to protect the corporate network against viruses and malicious programs that are transmitted from a remote computer? A. Create a network health policy that requires an anti-spyware to run on the RRAS server. Network policy and Access services B.070-642 Explanation: The correct option is C. You should create a remote access policy that allows users to use Extensible Authentication Protocol Layer Security (EAP . In order to keep the anti-virus database up to date. All other options like SPAP are not right because SPAP causes the remote access machine to send an encrypted password to the remote access server QUESTION 55: Certkiller . Put all remote users in an organizational unit and install antivirus software by creating a GPO. Ensure that it automatically updates itself.TLS) because EAP-TLS requires a user certificate for the user requesting access and a computer certificate for the authenticating server.com employs RRAS (Routing and Remote Access services) for remote user access. Create a network health policy that requires an anti-virus software running and updates itself frequently B. The remote user computer is the source of that virus that is infecting the domain members' computers. The remote users are not domain members. Routing and Remote Access services Actualtests. you should check the option A. You find out that a virus is infecting internal member computer through a remote user computer.com . Which of the following roles service you should install to achieve this? A.

None of the above Answer: B Explanation: To protect the network from virus infections transmitted via remote users. A network health policy can be configured by implementing NAP.070-642 C. Deploy anti-virus software on OU by using a group policy object (GPO) E. Create a separate OU for remote users. Terminal Services gateway E. A network health policy which enforces that an anti-spy ware application is running and is up to date will not help because the anti-spyware software does not give protection from virus infections. Deploying anti-virus software on RRAS server will not ensure the implementation of NAP. which of the following options would you choose to ensure that the corporate network of the company does not get infected with the virus infections that the remote computers might be infected with. Terminal Services licensing D.com/windowsserver2008/en/us/security-policy.The Power of Knowing . None of the above Answer: A Explanation: The Network Access Protection (NAP) is a component of the Network policy and Access services that allow protecting network resources by enforcing compliance with system health requirements. As a desktop support technician for Certkiller . Configure a network health policy which enforces an anti-spy ware application and that the anti-spy ware application is up to date D.aspx QUESTION 57: Certkiller uses Routing and Remote Access Service (RRAS) for remote users access on their corporate network. Reference: Security and Policy Enforcement http://www. Configure a network health policy which ensures that anti-virus software is running and the anti-virus application is up to date C. The remote user's computers are source of virus infection on internal member servers. which uses Active directory domain.microsoft. The remote user computers are not part of domain members. A. Actualtests. Deploy anti-virus software on RRAS server and configure automatic updates for anti-virus software B. which is important to ensure that the client computers on a private network meet administrator-defined requirements for system health. you need to configure a network health policy which enforces that anti-virus software is running and the anti-virus application is up to date.com .

com/articles_tutorials/Troubleshooting-Remote-Desktop. forward port 3339 to Certkiller 7 D.If you are attempting to connect to a remote machine that sits behind a firewall.com. A domain server called Certkiller 3 functions as a NAT server. forward port 389 to Certkiller 7 C. L2TP VPN connection B. None of the above Answer: C Explanation: To ensure that administrators can access the server. Certkiller 7 by using Remote Desktop Protocol (RDP). Reference: Troubleshooting Remote Desktop / The Remote Computer Cannot be Found http://www. The firewall is configured to allow only secured Web communications. All servers in the domain run Windows Server 2008.html Reference: Network Access Protection http://technet2. Which of the following type of connection would you create to enable remote users to connect to the corporate network as securely as possible without opening ports on the firewall? A.html QUESTION 59: On the corporate network of Certkiller . A. forward port 3386 to Certkiller 7 E.microsoft. SSTP VPN connection C. then the firewall must allow traffic to flow through TCP port 3389.com/2415-1035_11-177853.com/windowsserver2008/en/liBRary/40dcd5ed-1cb9-4f29-8470f6b4548c8e121033. you need to configure the Certkiller 3 to forward port 3339 to Certkiller 7 The Remote Desktop Protocol is designed to work across TCP port 3389. you deployed a Windows Server 2008 VPN server behind the firewall. Most of the remote users that connect to the corporate network through VPN use portable computers that run Windows Vista with the latest service pack. Certkiller 7 by using Remote Desktop Protocol (RDP).msp QUESTION 58: The corporate network of Certkiller consists of a Windows Server 2008 single Active Directory domain. Which forward port would you configure on Certkiller 3 to Certkiller 7 to ensure that administrators can access the server.com .windowsnetworking. IPsec tunnel Actualtests.070-642 Reference: SolutionBase: Introducing Network Access Protection for Windows http://techrepublic.The Power of Knowing . forward port 1432 to Certkiller 7 B.

where all servers run Windows Server 2008. B. The company has a head office and 15 BRanch offices.com . None of the above Answer: C Explanation: To enable remote users to connect to the corporate network as securely as possible without opening ports on the firewall. Answer: C Explanation: To ensure that the VPN connections between the main office and the BRanch offices meet the given requirements. the VPN client sends its user certificate for authentication and the VPN server sends a computer certificate for authentication. Use a PPTP connection and version 2 of the MS-CHAP v2 authentication. L2TP leverages PPP user authentication and IPSec encryption to encapsulate and encrypt IP traffic. you need tocreate an IPsec tunnel. Besides you want that VPN connection to use computer-level authentication and must not use user names and passwords for authentication.org/doc/en_US. To ensure security you want VPN connections to use end-to-end encryption to encrypt data transmitting between the head office and the BRanch offices. you need to configure a L2TP/IPsec connection to use the EAP-TLS authentication. Which of the following options would you choose to accomplish this task? A. PPTP VPN connection E. With EAP-TLS. The BRanch office computers use VPN connections to connect to the head office computers. C. Use an IPsec connection and a tunnel mode and preshared key authentication. D.html QUESTION 60: You are an enterprise administrator for Certkiller . The corporate network of the company consists of a single Active Directory domain. Use a L2TP/IPsec connection and the EAP-TLS authentication. Therefore it ensures that all data is encrypted by using end-to-end encryption and the VPN connection uses computer-level authentication.The Power of Knowing . Actualtests. Reference: 14. uses certificate-based computer identity authentication to create the IPSec session in addition to PPP-based user authentication.ISO8859-1/books/handbook/ipsec.070-642 D. known as L2TP/IPSec. This is the strongest authentication method as it does not rely on passwords. Use a L2TP/IPsec connection and version 2 of the MS-CHAP v2 authentication.10 VPN over IPsec http://www. To ensure that User names and passwords cannot be used for authentication.freebsd. which does not require a firewall to open ports for secure communication. This combination. you need to use EAP-TLS authentication.

Network Policy and Access Services role B. The company consists of a head office and a BRanch office. you need to configure Extensible Authentication Protocol (EAP) authentication method. where all servers run Windows Server 2008. Challenge Handshake Authentication Protocol (CHAP) E.html QUESTION 62: You are an enterprise administrator for Certkiller . The domain consists of a member server named Certkiller Server1 on which the Routing and Remote Access role service is installed. Extensible Authentication Protocol (EAP) C. The corporate network of the company consists of a single Active Directory domain. Each correct answer will form a part of the answer) A. or biometric techniques.com/5100-10878_11-1058239. Password Authentication Protocol (PAP) B. None of the above Answer: B Explanation: To configure the Point-to-Point Protocol (PPP) authentication method on Certkiller Server1. Which of the following authentication method should you use to configure the Point-to-Point Protocol (PPP) authentication method on Certkiller Server1? A. Reference: Making sense of remote access protocols in Windows / DIAL-UP AUTHENTICATION http://articles. Routing and Remote Access Services role service. All the servers in the domain run Windows Server 2008.070-642 Reference: Virtual Private Networking with Windows Server 2003: Deploying Remote Access VPNs / Layer Two Tunneling Protocol with IPSec/ Authentication Protocols http://www.com. smart cards. Actualtests. The corporate network of the company consists of a single Active Directory domain called Certkiller .The Power of Knowing . Microsoft Windows uses EAP to authenticate network access for Point-to-Point Protocol (PPP) connections.com/doc/2320023/DeployRasWithVPN QUESTION 61: You are an enterprise administrator for Certkiller . Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) D.scribd.com. The corporate network has Network Access Protection (NAP) configured for the domain. You have been assigned the task to configure the server in the head office as a VPN server.com . Which of the following roles would you install on the server to accomplish the given task? (Select two.techrepublic. EAP was designed as an extension to PPP to be able to use newer authentication methods such as one-time passwords.

Host Credential Authorization Protocol role service. It is just a group policy for wired network. The option B is a wireless enforcement network policy. E. You cannot use Wired Network Group policy for security and restricted access. Network Access Protection is configured on it. Add and configure 802. B Explanation: To configure the server as a VPN server.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPNServerQUESTION 63: Certkiller . You need to configure an IPSec Enforcement Network Policy.com . As per company policy.windowsecurity. Actualtests. F. Deployment Server role service. you need to install Network Policy and Access Services role and Routing and Remote Access Services role service on the server. So you could not use it in this scenario. Users connect to the corporate network through their laptops or PCs to use network resources. To install Routing and Remote Access Services role service on the server. strict security measures are required to secure the data when it is transmitted between the servers and the clients. Add and configure an IPSec Enforcement Network policy B. Deployment Transport Role Service. Add and configure a Wired Network Group policy D. you need to first install Network Policy and Access Services role on the server. Windows Deployment Services role D.com has a corporate network. None of the above Answer: A Explanation To implement the restricted access control. You have to create a strict access requirement that will stop any other person connecting to the corporate network and using network resources.The Power of Knowing . What should you do to implement the restricted access control? A.070-642 C. Reference: Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 2) / Install the RRAS Server Role on the VPN Server http://www. All you have to do is create an enforcement network policy that uses IPSec. Add and configure an Extensible Authentication Protocol (EAP) Enforcement Network policy E. The other options like option C are out of the context. The Internet Protocol Security will authenticate the IPs of authenticated users through its security.1X Enforcement Network policy C. Answer: A. you should choose option A.

All of the above Answer: B Explanation To ensure that the application works normally on every client computer. You start troubleshooting the problem and discover that the anti-spyware software installed on the client's computer is not compatible with the new application. The Network Access Protection (NAP) is configured on default settings for the network. Turn off the anti-spyware setting "up to date" on the Windows Security Health Validator window B. You install an application on a client's computer that runs Windows Vista Business.com has Network Access Protection (NAP) and Active Directory Certificate Services (AD CS) running on their Active Directory domain. Turn off the Anti-spyware setting "Application is on" on the Windows Security Health Validator window C. What should you do to ensure that the application works normally on every client's computer? A. are required to be connected to the wireless network and join the Active Directory domain. QUESTION 65: Certkiller .The Power of Knowing . the Windows Defender Service is also not an option for this scenario because it will not hinder with the new application and there is no use starting it manually and disabling it. The Windows Security Health Validator keeps all the important application on to ensure that the critical applications are working. Disable the Windows Defender service and then enable it again after putting it on manual startup. D. Configure the system health agent failure option through Error code resolution to healthy E.com . Configure the Windows Defender service on client's computer to a manual startup.070-642 QUESTION 64: Certkiller . You have to turn the anti-spyware settings "application is on" off on the Windows Security Health Validator window. What should you do to ensure that the laptops could join the domain when users restart them? Actualtests. You should not choose option A because it will update the anti-spyware software. These portable computers will be using PEAP-MS-CHAP V2 for authentication. New laptops with Windows Vista installed. Since the Anti-spyware is not compatible with the application you are installing on client computers.com has a corporate network. the application continues to fail. Similarly. The basic job of the application is to connect to a remote database server. you should choose the option B. you should turn it off in the Windows Security Health Validator Window. When you install the application on the client's computer. the application fails. Even after disabling the anti-spyware software.

Configure a group policy with the use of Windows WLAN Auto Config service for clients policy setting disabled E.TLS).aspx QUESTION 66: Network Access Protection (NAP) is configured on the Certkiller Corporate network with the default settings. you discovered that the anti-spyware software running on the client computers is creating problems because it is not compatible with the application that you are trying to install. which is a temporary wireless profile that can be used to obtain connectivity to a secure wireless network.The Power of Knowing . None of the above Answer: B Explanation: To ensure that the Wireless client laptops running Windows Vista using PEAP-MS-CHAP V2 for authentication could join the AD domain when users restart them. you need to configure each laptop computer with a Bootstrap wireless profile. Disable the Anti-spyware is up to date setting on the Windows Security Health Validator dialog box C. These credentials may include a username and password (for Protected EAP [PEAP]-Microsoft Challenge Handshake Authentication Protocol version 2 [MS-CHAP v2]) or certificates (for EAP. Which of the following options would you choose to ensure that all the client computers could run the new application? A.com/hi-in/liBRary/bb727033(en-us). Configure a group policy with the use of Windows WLAN Auto Config service for clients policy setting enabled D. you disabled the anti-spyware on the client computers. On investigating the problem. Run the netsh wlan export profile command on all laptops.microsoft. To correct the problem. However. Configure the Error code resolution setting for the System Health agent failure option Actualtests.com . Reference Joining a Windows Vista Wireless Client to a Domain http://technet. Disable the An anti-spyware application is on setting on the Windows Security Health Validator dialog box B. Configure each laptop computer with a Bootstrap wireless profile C. B. You need to deploy an application that is mandatory to use for all the employees of the company and needs to be installed to all the client computers running Windows Vista. The application connects to a remote database at the backend. but application still failed to run on the client computers.070-642 A. it failed to run on client computers. the wireless client user can join the computer to the domain after providing security credentials for an authentication by a RADIUS server. Once connected to the wireless network. when you tried to deploy the application.

Disable the Prevent connections to infrastructure networks option in the wireless Group Policy settings in the Group Policy Management Console. Use 802. A number of mobile users connect to the network wirelessly. Which of the following options would you choose to ensure that NAP policies are enforced on portable computers that use a wireless connection to access the network? What should you do? A. D. E.070-642 to Healthy D. you need to disable the anti-spyware application is on setting on the Windows Security Health Validator dialog box Disabling the Anti-spyware is up to date setting on the Windows Security Health Validator dialog box will not help if anti-spyware application is on setting on because the Anti-spyware is up to date setting will not ensure that the client is not using an anti-spyware application. C.windowsnetworKing. Use MS-CHAP v2 authentication on all portable computers.com . You have NAP policies configured for these users. Configuring the Windows Defender service or configuring the Error code resolution setting for the System Health agent failure option will not help because neither Windows defender nor System Health agent is creating problem in his case. Enable the Prevent connections to infrastructure networks option in the wireless Group Policy settings in the Group Policy Management Console. None of the above Answer: C Explanation: To ensure that NAP policies are enforced on portable computers that use a wireless Actualtests.html QUESTION 67: The corporate network of Certkiller consists of servers that have Active Directory Certificate Services (AD CS) and Network Access Protection (NAP) deployed on them.The Power of Knowing .com/articles_tutorials/Introduction-Network-Access-Protection-Part4. Re-start the Windows Defender Service. None of the above Answer: A Explanation: The application failed even after disabling the anti-spyware on the client computers because the client computers are supposed to be using anti-spyware application according to Windows Security Health Validator (SHV) policy that is configured on the client computers through NAP. E. Reference: An Introduction to Network Access Protection (Part 4) http://www. Configure the Windows Defender service to the Manual Startup type on the client computers. To resolve the problem.1X authentication to on all access points. B.

Apply an IPSec NAP policy.aspx?casestudyid=4000000983 QUESTION 69: The corporate network of Certkiller contains a Windows Server 2008 that has the Network Policy Server (NPS) service role installed.1x wireless connections. Configure a NAP policy for 802.1X enforcement enforce health policy requirements every time a computer attempts an 802. Restrict DHCP clients by using NAP. you need to configure all access points to use 802. Use MS-CHAP v2 authentication for all VPN connections. 802. you need to configure all access points to use 802. 802.com/casestudies/casestudy.1X-authenticated network connection.microsoft.The Power of Knowing .com/casestudies/casestudy.microsoft.aspx?casestudyid=4000000983 QUESTION 68: On the corporate network of Certkiller the Network Access Protection (NAP) is configured. Which of the following options would you choose to allow VPN access to only the members of a global group named Certkiller Staff to the network? Actualtests. C. Reference: Microsoft Improves Security Policy Compliance with Network Access Protection http://www.com . Reference: Microsoft Improves Security Policy Compliance with Network Access Protection http://www.1X authentication.1X authentication. The remote computers can cause security problems to the corporate network Which of the following options would you choose to ensure that data transmissions between remote client computers and the corporate network are as secure as possible? A. E. D. None of the above Answer: B Explanation: To ensure that NAP policies are enforced on portable computers that use a wireless connection to access the network.1X-authenticated network connection.1X enforcement also actively monitor the health status of the connected NAP client and applies the restricted access profile to the connection if the client becomes noncompliant. 802. B.1X enforcement enforce health policy requirements every time a computer attempts an 802. 802.070-642 connection to access the network.1X enforcement also actively monitor the health status of the connected NAP client and applies the restricted access profile to the connection if the client becomes noncompliant. Some users connect to the corporate network remotely.

For the same reason you can create a policy of Certkiller Staff VPN group and set the processing order of the policy to one. Configure a Network Policy having the Remote Access Server as the only available authentication method. Configure all access points as RADIUS clients to the Network Policy Server (NPS).The Power of Knowing . define a group-based condition for Certkiller Staff. E. This is because the policies are evaluated from top to bottom and processing stops once a policy rule is matched. Set the access permission to Access Granted. Configure a Connection Request Policy having EAP-TLS as the only available authentication method. you need to create a new network policy and define a group-based condition for Certkiller Staff then set the access permission of the policy to Access Granted and set the processing order of the policy to 1. D. Having this policy listed first reduces processing load and time on the NPS. and so on and then create network policies based on them. Create a new network policy. C. E. D. None of the above Answer: A Actualtests. department. You can create different compliance standards for users based on role.070-642 A.1x authentication to all the access points that will be used to access to the corporate network using wireless computers to ensure secure wireless access. C. define a group-based condition for Certkiller Staff. and set the processing order of the policy to 1. Set the access permission to Access Granted. and set the processing order of the policy to 3. B. You have configured the 802. First is the Com-pli-ant FullAccess policy which states that machines that pass all SHV checks are granted unrestricted network access should be listed.com . The next policy used should be for Non-com-pli-ant or Restricted machines and the third policy is for backward compatibility of computers. Add Certkiller Staff to the RAS and IAS Servers group. Configure all access points as RADIUS clients to the Remediation Servers.microsoft. geography. Create a new network policy. Add Certkiller Staff to the Network Configuration Operators group. Which of the following options would you choose to ensure that all the client computers that try to access the corporate network are evaluated by NAP? A. None of the above Answer: A Explanation: To allow access to only the members of Certkiller Staff VPN to the network. B. Reference: Security WatchNetwork Access Protection / Contoso NAP Deployment http://technet.aspx QUESTION 70: On the corporate network of Certkiller the Network Access Protection (NAP) is configured.com/en-us/magazine/cc162368.

com/en-us/magazine/cc434701.070-642 Explanation: To ensure that all the client computers that try to access the corporate network are evaluated by NAP. To protect the VPN connection. the connection request policy requires the use of a Protected Extensible Authentication Protocol (PEAP)-based authentication method. The Actualtests.com/windowsserver2008/en/liBRary/ec5b5e7b-5d5c-4d04-98ad55d9a09677101033. Reference: The Cable Guy Troubleshooting NAP Enforcement / Health Requirement Policies http://technet.1X Authenticated Wired and Wireless Access http://technet2. You configure the functions on both servers as shown in the exhibit. Reconfigure Certkiller VPN as a Radius client E.ms QUESTION 71: Exhibit: Certkiller . and PEAP-TLS. Reconfigure Certkiller NPS as a Radius Client C. Configure a NAP role and add it to a domain controller D.1X and VPN enforcement.com has decided to employ Network Access Protection (NAP) on the server. Certkiller . By default.com .microsoft. Configure a NAP role on an Enterprise Certificate Server B.microsoft. you should reconfigure Certkiller VPN as a Radius client. None of the above Answer: D Explanation: To ensure that the system health policy is implemented on all client computers that attempt a VPN connection. you need to create a Connection Request Policy that specifies EAP-TLS as the only available authentication method.The Power of Knowing . You are given the task for implementing the NAP on the server. for 802. What should you do to ensure that the system health policy is implemented on all client computers attempting to connect to the VPN server? A. If the connecting client does not use PEAP. EAP with Transport Layer Security (TLS) or EAP-TLS.aspx Reference: What Works Differently / 802. For example.com has a server with Active Directory Domain and an Enterprise Root Certificate authority installed. Windows Server2008 supports the EAP methods: PEAP-MS-CHAPv2. the connection request is rejected. The connection request policy can impose connection requirements. You build two servers named Certkiller NPS and Certkiller VPN.

Set the access permission of the policy to Access granted.mspx Reference: Configuring Exemption Policies for Configuration Manager Network Access Protection http://technet. C. D.microsoft. at first position) are processed by NPS first. Reference: Connection Request Policy Commands http://technet2. the policy is added at the end of the list. Besides this the company has many remote users that need to connect to the corporate network. Add GroupA to the RAS and IAS Servers group. Set the processing order of the policy to 1 Processing orderspecifies the numeric position of this policy in the list of policies configured on the NPS.com .The Power of Knowing . GroupA and GroupB. QUESTION 72: You are an enterprise administrator for Certkiller .microsoft. Policies highest in the list (for example. To secure the corporate network. Answer: D Explanation: Network Policy Server (NPS) in WindowsServer2008 allows you to create and enforce organization-wide network access policies for client health.com/en-us/liBRary/bb693983. To allow only members of a global group named GroupA VPN access to the network.aspx Actualtests. set the access permission of the policy to Access granted and set the processing order of the policy to 1. If processing order is not specified. The company has divided these remote users into two global groups. Policies added at positions above other policies cause the positions of the other policies to drop in the list by one position. You want to allow VPN access to the corporate network to GroupA. you installed the Network Policy Server (NPS) service role on a server that runs Windows Server 2008. connection request authentication. Create a new network policy having a group-based condition for GroupA.com/windowsserver2008/en/liBRary/c504902c-9765-4c26-9306fca4a14f7fba1033. set the access permission of the policy to Access granted and set the processing order of the policy to 3. Add GroupA to the Network Configuration Operators group. and connection request authorization. you need to create a new network policy and define a group-based condition for GroupA. Create a new network policy having a group-based condition for GroupA. The company has a head office and three BRanch offices.070-642 Certkiller VPN will authenticate and authorize the client VPN connections and won't allow those clients who don't have a system health policy added on their machines. B. Which of the following options would you choose to accomplish this task? A.

C. Disconnect the remote connection until the required updates are installed. They need to access the secured content from different sources. They need to access it from their office using Actualtests. Reference: Understanding Network Access Protection / Using Network Access Protection http://e-articles. and then select the Enable This Enforcement Client check box. you need to Quarantine clients that do not have all available security updates installed.070-642 QUESTION 73: You are an enterprise administrator for Certkiller . You can use NAP to improve the security of your private network by ensuring that the latest updates are installed before users connect to your private network. you can prevent the computer from connecting to your private network. Quarantine clients that do not have all available security updates installed. The domain runs Windows Server 2008 on all servers and Windows Vista on all client computers. The corporate network of Certkiller consists of an Active directory domain called Certkiller . Using the NAP Client Configuration tool. Which of the following options would you choose to ensure that client computers meet the company's policy requirement? A. None of the above Answer: D Explanation: To ensure that client computers meet the company policy requirement.info/e/a/title/Network-Access-Protection-(NAP)-in-Windows-Vista/ QUESTION 74: As an administrator at Certkiller .com. you can configure separate enforcement policies for remote access clients. regardless of how those computers are connected to the network. you create a Windows CardSpace in the Certkiller domain. If a client computer does not meet the health requirements. To enforce remote access NAP.com . Enable the Security Center on each client. The corporate network uses Network Access Protection (NAP) to enforce policies on client computers that connect to the network.The Power of Knowing . double-click Remote Access Quarantine Enforcement Client. Enable automatic updates on each client. Since the sales people have to move consistently. The users are sales people from sales department.com. According to the Company's policy. B. open NAP Client Configuration tool. Administrators can use NAP to enforce health requirements for all computers that are connected to an organization's private network. E. They are the member of Sales group and are included in the Sales organizational unit in the hierarchy. A Group Policy is used to configure client computers to obtain updates from WSUS. D. only the client computers that have updates labeled Important and Critical installed on them can access network resources.

It is the easiest and safest way to use the exported file containing digital identities to access secured content.com has two servers named CKS1 and CKS2. Create a new Group Policy Object (GPO). you are using Windows CardSpace to authenticate users accessing online services on internal websites on CKS1. What should you do to make sure they access secured content from any place? A. Connect the GPO to the Sales group in the organizational unit. Let the users export their digital identities to a USB drive. notebooks and Palm devices. You cannot put the sales global group in the local security group of windows Authentication Access domain because it is for local security. Assign a password to access the exported file containing digital identities B. All other options are invalid in this scenario. You want to deploy the card information on CKS2.The Power of Knowing . USB drive is easy to carry and it is a plug n play device. Configure NTbackup tool to backup card information on CKS1 and restore it on CKS2 D. use a third party restore backup tool to restore the backup on CKS2 B. None of the above Actualtests. They also access the secured content from clients' computers and from internet cafes. Both servers run Windows Server 2008. Users of the local security group will not be in the group once they leave their personal computer.com . Which Microsoft recommended method should you use to transfer card information to CKS2? A. Create a backup of card information on CKS1 on a client computer and access it from CKS2 to restore the backup to CKS2 E. laptops. The user can plug the USB drive to any computer and access the exported file containing digital identities to view the secured content. Backup card information on CKS1 and restore it on CKS2 using Windows CardSpace C. Setup the User Account Control for Sales users to prompt for credentials E. All of the above Answer: A Explanation: To make sure that the users' can access secured content from any place. you should choose option A. Install and configure the third party backup tool and backup the card information on CKS1. You need to ensure that the get the authentication to access most secured content from any computer using Windows CardSpace. Put the Sales global group in the local security group of Windows Authentication Access domain D. Create a new GPO and link it to the Sales global group in organizational unit. Create and configure machine Access Restrictions in SDDL (Security Descriptor Definition Language) and configure the remote access setting for the Sales group C. QUESTION 75: Certkiller . For digital authentication.070-642 computer.

NTbackup tool will not be able to restore the backup on the other server and putting the card information on a client computer and accessing it from CKS2 to restore the information is certainly not an option because you cannot use the third party backup for this scenario. IPSec enforcement network policy authenticates NAP clients when they initiate IPsec-secured communications with other NAP clients.070-642 Answer: B Explanation The Microsoft recommended method for transferring the card information to CKS2 is option B. QUESTION 76: On the corporate network of Certkiller . Create an IPSec enforcement network policy B. You should use Windows CardSpace to backup card information and restore it on CKS2. What should you do to achieve this? A. Create an extensible authentication protocol enforcement policy E. which is not required here. Reference: NAP protects networks by restricting client connections Actualtests. you want to ensure that personal portable computers that don't comply with policy requirements must be prohibited from accessing company resources.3) group policy D.com . Company's security policy enforces data confidentiality while the data is in transit between servers and client computers. None of the above Answer: A Explanation: Because the scenario suggests the configuration of the security policy on the network. You have to select the option which is recommended by Microsoft. Create and 802. you need to create an IPSec enforcement network policy as a Network Access Protection Mode to ensure that personal portable computers that don't comply with policy requirements are prohibited from accessing company resources. 802. As a network administrator of the company.3) group policy cannot be used because they are switch-based enforcement. It is obvious that Windows CardSpace should be used to backup and restore the card information.1X enforcement network policy C.The Power of Knowing . Extensible authentication protocol enforcement policy is not required here because it is used to allow EAP method vendors to easily develop and install new EAP methods on both client computers and NPS servers. it's placed in a limited-access VLAN until it authenticates to a NAC server and passes assessment. Every time a client activates a switch port.1x-based enforcement network policyand the wired network (IEEE 802. Network Access Protection is configured to limit the network access of computers based on predefined health requirements. You cannot use third party software for backup and restore because it is not recommended by Microsoft. Create a wired network (IEEE 802.

All users of the hr department are members of the hr global group and reside in hr OU.The Power of Knowing . E. Configure a new group policy object (GPO). Link the new GPO to the hr OU.biztechmagazine. Places the hr global group into the Windows Authorization Access domain local security group B. Configure a new group policy object (GPO). Configure a pass phrase for access to the exported file C. Configure the User Account Control: Behavior of the elevation prompt for standard user GPO setting to prompt for credentials.com/en-us/magazine/cc194418. Link the new GPO to the hr OU. Configure the Allow remote access setting for the hr global group.com/article. The hr employees of the company are required to access secured content from multiple sources and access data using varied computers residing at different locations. Actualtests. D.1X Wired Authentication http://technet. The USB drive can then be used to install cards onto other machines from where the user needs to access the information. None of the above Answer: B Explanation: To ensure the hr employees of the company use Windows CardSpace for authentication from any computer to any of the most secured content locations.070-642 http://www. What should you do to ensure the hr employees of the company use Windows CardSpace for authentication from any computer to any of the most secured content locations? A.asp?item_id=382 Reference: The Cable Guy IEEE 802. Enable the users to export their digital identities to a USB drive. The Card Export feature of Windows CardSpace allows the copying of information cards onto an external storage medium. None of the other options can be used because configuring group policies cannot ensure the use of Windows CardSpace for roaming users. such as a USB drive.microsoft. you need to enable the users to export their digital identities to a USB drive and then configure a pass phrase for access to the exported file. For security purpose a user selected pass-phrase is used to encrypt information cards so that even if the storage medium is lost. The company has many departments and their respective OUs are configured in the AD.com . only someone who knows the pass-phrase can decrypt the cards it contains. You want the hr employees of the company to use Windows CardSpace for authentication. Configure the DCOM: Machine Access restrictions in security descriptor definition language setting (SDDL) syntax setting.aspx QUESTION 77: Certkiller has implemented Windows CardSpace in the company's network Active Directory domain.

The network policy provides a policy conditions called "Allow full network access for a limited time". Configure the Logon Hours for the default domain policy by enabling the Force logoff when logon hours expire option. Reference: Step By Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab / NAP enforcement and network restriction http://www.microsoft. and Development. where all servers run Windows Server 2008. D. A member server called Certkiller Server1 has File Server role installed on it. Actualtests.The Power of Knowing .aspx#introinfocard_topic4 QUESTION 78: You are an enterprise administrator for Certkiller .microsoft. The company has three departments. B.com . The company has a head office and 15 branch offices. All the servers in the domain run Windows Server 2008. Modify the share permissions for the Marketing Users group to Contributor. Sales.com/en-us/liBRary/aa480189.com/downloads/details. The corporate network of the company consists of a single Active Directory domain.aspx?FamilyID=729bba00-55ad-4199-b441378cc3d900a7&displa QUESTION 79: You are an enterprise administrator for Certkiller . C. Configure the Logon hours for all user objects by specifying only the VPN server on the Computer restrictions option. The corporate network of the company consists of a single Active Directory domain. However. the NAP enforcement is delayed until the specified date and time. which allow clients to temporarily access full network. Which of the following options would you choose to ensure members of the Marketing group users can only view and open files in the shared folder? A. Which of the following options would you choose to ensure that users cannot access the VPN server remotely from 21:00 to 06:00? A. Create a network policy for VPN connections and apply an IP filter to deny access to the corporate network. The server consists of a shared folder named AcctShare. you need to create a network policy for VPN connections and then modify the Day and time restrictions. The branch office computers use VPN connections to connect to the head office computers. Marketing. Answer: A Explanation: To ensure that users cannot access the VPN server remotely from 21:00 to 06:00. Create a network policy for VPN connections and configure the Day and time restrictions accordingly.070-642 Reference: Introducing Windows CardSpace / Roaming with Information Cards http://msdn2.

Configure a group policy object link it to the server B.070-642 B. For example.com has a network consisting of a Windows Server 2008 server and Windows Vista client computer.com .11 wireless network. None of the above Answer: C Explanation The correct answer for this question is option C. Install APs and configure RADIUS settings C. D. only the initial shared folder can have share permissions configured on it. Share permissions are only associated with the folder that is being shared. The users can automatically connect to the wireless network through their user accounts. Configure users and computer accounts on client computers and set remote access permission with appropriate settings D. or archive of the object. move. Modify the share permissions for the Marketing group to Read. Configure the users and computer accounts on client computers and install the certificate authority on each client computer E.The Power of Knowing . Actualtests. you need to modify the share permissions for the Marketing group to Read NTFS permissions are associated with the object. C. They also asked you to secure the wireless network by configuring it to use smartcards. Therefore you need to assign read permission. and Read.html QUESTION 80: Certkiller . Answer: D Explanation: To ensure members of the Marketing group can only view and open files in the shared folder. even if a folder is not shared. if there are 5 subfolders below the folder that is shared. Modify the NTFS permissions for the Marketing group to Modify. The share permissions standard list of options is not as robust as the NTFS permissions. The share permissions only provide Full Control. But the users complain that they cannot access the wireless network? What should you do to ensure that all users using their computers can access wireless network? A. Certkiller has asked you to deploy a protected IEEE 802.com. You configure the certificate infrastructure and Active Directory users and groups for wireless access. You are the administrator at Certkiller . Change. You need to set the remote access permission by configuring the user accounts on client computers. so the permissions are always connected with the object during a rename.windowsecurity. Modify the NTFS permissions for the Authenticated Users group to Modify and the share permissions to Contributor.com/articles/Share-Permissions. NTFS permissions can be established on every file and folder within the data storage structure. Reference: Share Permissions http://www.

com. Certkiller . You need to deploy and configure wireless APs to provide wireless coverage fro the wireless network. it gives errors. QUESTION 82: Certkiller runs ISA server as a firewall to secure their internal corporate network. However. Configure each client computer to accept the APs BRoadcast through Primary DNS server E. RADIUS shared secret and failure detection settings.070-642 Installing Access Points (APs) and configuring RADIUS settings is not a valid option in this scenario because the signals are full. You should configure the APs to include Remote Authentication Dial-in User service (RADIUS) settings. Open port 1423 on firewall B. You should use the settings such as names of primary and secondary RADIUS servers. the correct option is A. the users started receiving "Error 721: The remote computer is not responding" while trying to connect to the VPN server. Options like configuring Wi-Fi Protected Access and WPA2 settings are not valid because WPA settings are related to Wireless connection security. As a network administrator for the company.com . None of the above Answer: A Explanation: In this scenario. Installing certificate authority on each client computer has nothing to do with wireless access because you have already configured and checked the certificate infrastructure. Configure the WPA2 settings on APs D.com has an IAS server. Open port 1723 on firewall Actualtests. after configuring VPN. you have been assigned the task to setup the remote access for users to the corporate network through a Virtual Private Network (VPN) service using Point-to-Point Tunneling Protocol (PPTP). UDP ports. You deploy APs and configure them to support authentication mechanism as per company policy. But when you test the connection with APs. APs are installed and configured when client machines are not receiving full signals. The authentication mechanism is Wireless Encryption Protocol (WEP) encryption with 802-1X authentication. What should you do to ensure that users successfully establish a VPN connection? A. QUESTION 81: You're an administrator at Certkiller . What should you do to ensure that the APs are set to BRoadcast the signals and the client computers can receive the wireless network coverage? A. Configure the Wi-Fi Protected Access (WPA) on APs C.The Power of Knowing . Configure the RADIUS settings for the primary and secondary RADIUS servers B.

The Error 721 occurs when the VPN is configured to use PPTP. Run the gpupdate / boot command on the notebook computers B. you need to make sure that TCP Port 1723 is opened on the Firewall and IP Protocol 47 (GRE) is configured. E. Run the gpupdate / target: computer command on the notebook computers C. To resolve this problem.aspx?scid=KB.888201 QUESTION 83: Certkiller is deploying notebook computers that will be used over a wireless network. Actualtests.chicagotech. The new notebook computer users complain that they cannot connect to the wireless network. Log off the network computers.EN-US.net/raserrors. Connect the notebook computers to the wired network. None of the above Answer: B Explanation: To establish VPN connectivity through PPTP.microsoft. Run the Add network that is in the range of this computer wizard on the notebook computers and leave the Service Set Identifier (SSID) blank. you need to connect the notebook computers to the wired network. You have configured a group policy and configure profiles by using the names of approved wireless networks and linked the group policy object (GPO) to the Notebook OU. you need to configure the network firewall to permit GRE protocol 47 and make sure that the network firewall permits TCP traffic on port 1723. Open port 3389 on firewall D. Open port 6000 on firewall E.htm#Error%20721 Reference: You receive an "Error 721" error message when you try to establish a VPN connection through your Windows Server-based remote access server http://support. What should you do to ensure that group policy wireless settings are applied to the notebook computers? A. and then log on again D. so it can't update. Reference: RAS Error Code / Error 721: http://www.com/default.070-642 C. and the network firewall does not permit Generic Routing Encapsulation (GRE) protocol traffic. None of the above Answer: C Explanation: The users cannot connect to the wireless network and the group policy wireless settings are not applied to the notebook computers because the GPO settings always try to get applied on startup before the wireless connects to the network. To resolve this problem.com .The Power of Knowing . which uses GRE protocol for tunneled data.

Enable the Block all connections option on the Public Profile of Windows Firewall. Windows Firewall with Advanced Security ignores all inbound rules.com/windowsserver2008/en/liBRary/19b429b3-c32b-4cbd-ae2a8e77f2ced35c1033. The corporate network of the company consists of a single Active Directory domain. Enable the Block all connections option on the Domain Profile in Windows Firewall. To ensure its security. Reference: Configuring firewall properties http://technet2.com. As soon as the users connect to the domain as a wired network. you discovered that a Server called Certkiller Server1. The domain consists of a domain-based DFS namespace called \ Certkiller .com\Management namespace to reduce the workload of the PDC Actualtests.com/5208-6230-0. The corporate network of the company consists of a single Active Directory domain called Certkiller .The Power of Knowing .microsoft. Disable the IP Helper in the Services snap-in. D. You can configure inbound connections to Block all connections from Windows Firewall by configuring Firewall properties. B. The hierarchy of this namespace is updated quite frequently. While your routine checkup. Which of the following options would you choose to accomplish this task? A. Answer: D Explanation: To immediately disable all incoming connections to the server. Reference: GPO not applied for laptops http://techrepublic. The logging off and logging on would help refreshing the policies on the notebook computers.com . effectively blocking all inbound connections to the domain. C. Which of the following options would you choose to configure the \ Certkiller .070-642 Log off the network computers.html?forumID=101&threadID=237624&messageID=2320844 QUESTION 84: You are an enterprise administrator for Certkiller . they will receive the wireless settings. which has multiple sites configured.msp QUESTION 85: You are an enterprise administrator for Certkiller . where all servers run Windows Server 2008. which results in overloading PDC emulator. When Block all connections is configured for a Domain profile .com. which store critical data of the company has been attacked several times. Disable the Net Logon service in the Services snap-in. you decided to disable all incoming connections to the server immediately. you need to enable the Block all connections option on the Domain Profile from Windows Firewall.com\Management. and then log on again.

C. files. D. When root scalability mode is enabled.070-642 emulator? A. Wbadmin start backup allCritical backuptarget:C: /quiet D.com . Set the Ordering method option to Lowest cost. Instead. volumes. B. Answer: C Explanation To configure the \ Certkiller . Wbadmin enable backup -addtarget:R: /quiet B. Wbadmin enables you to back up and restore your operating system. Reference: Polling properties http://technet2. namespace servers do not send change notification messages to other namespaces servers when the namespace changes. The corporate network of Certkiller consists of a Windows Server 2008 on which the Windows Backup and Restore utility is installed. Root scalability mode reduces network traffic to the PDC emulator at the expense of faster updates to all namespaces servers.com\Management namespace to reduce the workload of the PDC emulator you need to enable the Optimize for scalability option. Wbadmin start backup allCritical backuptarget:E: /quiet E.com/windowsserver/en/liBRary/0f0f3943-fd39-4a27-8b313f084f6a77311033.microsoft. Wbadmin enable backup addtarget:C: /quiet C. Enable the Optimize for scalability option. they poll their closest domain controller every hour to discover updates to the namespace. you need to run Wbadmin start backup allCritical backuptarget:E: /quiet command on the server. allows organizations to use more than the recommended 16 namespace servers for hosting a domain-based namespace in consistency mode. nor do they poll the PDC emulator every hour.mspx?mfr QUESTION 86: You are an enterprise administrator for Certkiller . Which of the following command options would you choose to run on the server to create a full backup of all system state data to the DVD drive (E: drive)? A. and applications from a command prompt Wbadmin start backup runs a one-time backup. If used with no parameters. uses the Actualtests. None of the above Answer: D Explanation: To create a full backup of all system state data to the DVD drive (E: drive) on the server.The Power of Knowing . Enable the Optimize for consistency option. The Optimize for scalability mode is also known as root scalability mode. Set the Ordering method option to Random order. folders.

Click on Sessions under the Shared Folders node in the Computer Management. Run vssadmin.msp QUESTION 87: You are an enterprise administrator for Certkiller .com/en-us/magazine/cc196308. Click on Open Files under the Shared Folders node in the Computer Management C. but instead uses a list of fixed commands to guide its function. The domain consists of a file server that runs Windows Server 2008. Run shadow. None of the above Answer: C Explanation: To view the progress of the file restoration. The corporate network of Certkiller consists of a single Active Directory domain called Certkiller .070-642 settings from the daily backup schedule allCritical Automatically includes all critical volumes (volumes that contain operating system's state).exe query reverts from the command prompt.com/windowsserver2008/en/library/4b0b3f32-d21f-4861-84bbb2eadbf1e7b81033. E. Which of the following options would you choose to view the progress of the file restoration? A. B. The corporate network of the company consists of a single Active Directory domain. VSSAdmin does not follow the typical "Command /switch" form. It should be used only when -backupTarget is specified. The Windows Server 2003 Volume Shadow Copy Service can also be administered from the command line by using the VSSAdmin tool that is included with Windows Server 2003.exe query reverts on the command prompt. Reference: Rapid Recovery with the Volume Shadow Copy Service / Command-Line Management http://technet.microsoft. D.microsoft.com. This tool replicates the features of the Shadow Copies tab of the volume Properties screen and can be called from batch files and scripts. The users wanted to view the progress of the file restoration. Query Reverts queries the status of in-progress revert operations.com . you need to run vssadmin.aspx QUESTION 88: You are an enterprise administrator for Certkiller . A network users of the company started restoring a critical large file by using the Previous Versions tab.so you need to specify backuptarget:E: /quiet runs the subcommand without any prompts to the user Reference: Wbadmin start backup http://technet2. This parameter is useful if you are creating a backup for full system or system state recovery. Can be used with the -include parameter.The Power of Knowing . Here the backupTarget is DVD drive (E: drive) on the server. All the servers in the domain Actualtests.exe /v on the command prompt.

B. The -items:d:\SaleRecords specifies that d:\SaleRecords folder needs to be recovered. Run the Wbadmin restore catalog -backuptarget:D: -version: 01/28/2008-09:00-quiet command. -itemtype:File specifies type of items to recover. you need to run the Wbadmin start recovery -version:10/29/2007-09:00 -itemType:File -items:d:\ SaleRecords-overwrite -recursive -quiet command. As you monitor CKTS. -recursive will only recover files which reside directly under the specified folder. Run the Recover d:\ SaleRecords command.com .The Power of Knowing . You have to limit the amount of disk space allocated to each user to 200 MB.com/windowsserver2008/en/liBRary/52381316-a0fa-459f-b6a601e31fb216121033. The D:\ SaleRecords folder is corrupted. The Terminal Server user profiles are in a folder named as UPT on a server called CKTS. Reference: Wbadmin start recovery http://technet2. -Overwrite causes Windows Server Backup to overwrite the existing file with the file from the backup. Run the Wbadmin start recovery -backuptarget:D: -version: 01/28/2008-09:00-overwrite -quiet command.msp QUESTION 89: As an administrator at Certkiller . What should you do to achieve that? Actualtests. the -version 10/29/2007-09:00 specifies the version identifier of the backup to recover. D. Which of the following options would you choose to restore all the files in the D:\ SaleRecords folder back to the most recent backup version. On CKTS3. In the above query. A member server Called Certkiller Server1 has a SaleRecords folder created on it on the D: drive. And -quiet runs the subcommand with no prompts to the user.microsoft. without affecting other folders on the server? A. Run the Wbadmin start recovery -version: 01/28/2008-09:00-itemType:File -items:d:\SaleRecords -overwrite -recursive -quiet command. you install a member server named ebms1 that has Windows Server 2008 as its primary operating system. The most recent backup version is 01/28/2008-09:00.com. The Terminal Services role is installed on the ebms1. In this case it is the file that needs to be recovered. Answer: A Explanation: To restore all the files in the D:\ SaleRecords folder back to the most recent backup version without affecting other folders on the server. a home folder is placed for each user. C. you find out that there is only 5% of hard disk space remaining because the users are saving their files on their profiles on CKTS instead of using their home folders. Wbadmin start recovery runs a recovery based on the parameters that are specified.070-642 run Windows Server 2008.

Apply folder redirection settings to redirect the users to save their files on CKTS3 E. E. Create a new group policy object and link it to the CKTS. To manage the server space. C. C. File Server Resource Manager allows you to create quotas to limit the space allowed for a volume or folder and generate Actualtests. Configuring a quota limit through group policy will not help in Terminal services scenario. Limit the users to use only 200 MB of space. D. you configured quotas on the server. None of the above Answer: C Explanation: To limit the amount of disk space allocated to each user to 200 MB. Configure the UPT folder to limit the disk space quota to allocate 200 MB to all users.070-642 A. Review the Quota Entries list from the properties of each volume. who work on the server and used to store data on it. The corporate network of the company runs Windows Server 2008 servers. Configure a default quota limit to 200 MB and set a warning level policy B.phptr.msp Reference: Setting Up File Sharing Services http://safari. Also disk quotas cannot be configured for each user profile rather it is configured on a volume or a folder. B. you need to configure the disk quotas for the volume that hosts UPT folder and then limit the users to use only 200 MB of space. On the ebms1.com/windowsserver2008/en/liBRary/31790148-eaf1-4115-8a504ce7a4503d211033. D. One of the servers called Certkiller Server1 has file server role installed on it.The Power of Knowing . Create a Storage Management report from File Server Resource Manager. you need to create a Storage Management report from File Server Resource Manager. Create a File Screen using File Server Resource Manager. configure a group policy object. Run dirquota.com/9780596514112/setting_up_file_sharing_services QUESTION 90: You are an enterprise administrator for Certkiller . None of the above Answer: D Explanation To view each users quota usage on a per folder basis. Reference: Working with Quotas http://technet2. Certkiller Server1 was accessed by many network users.microsoft.exe quota list on the command prompt. Configure the disk quotas for the volume that hosts UPT folder. Which of the following options would you choose to view each user's quota usage on a per folder basis? A. Configure each profile by activating disk quota on each profile.com .

Modify the quota template. Create a file screen template and apply it to the root of the volume that contains the folders. and then modify the quota for each folder.mspx?mfr QUESTION 91: You are an enterprise administrator for Certkiller .microsoft. File Server Resource Manager will display the objects created on the remote computer. Create a new quota template. E.com/windowsserver2008/en/library/31790148-eaf1-4115-8a504ce7a4503d211033.070-642 notifications when the quota limits are approached or exceeded. It also allows you to generate storage reports instantly. None of the above Answer: A Explanation: To modify the quota settings for all 100 folders by using the minimum amount of administrative effort. B. you decided to configure quotas on the server. Certkiller Server1 is accessed by 100 network users. who work on the server and used to store data on it.com .The Power of Knowing . you can automatically update all quotas that are based on a specific template by editing that template. you can connect to the computer from File Server Resource Manager.com/windowsserver/en/liBRary/3510fd7c-cbfc-4f67-b4fcd7de7c13373b1033. D.msp Actualtests.microsoft. Because too many quotas need to be configured. While you are connected. If you base your quotas on a template. This feature simplifies the process of updating the properties of quotas by providing one central point where all changes can be made Reference: About Quota Templates http://technet2.microsoft. One of the servers called Certkiller Server1 has file server role installed on it. Reference: Using the File Server Resource Manager Component / Managing Storage Resources on a Remote Computer http://technet2. To manage the server space. you decided to use a new quota template to apply quotas to 100 folders Which of the following options would you choose to modify the quota settings for all 100 folders by using the minimum amount of administrative effort? A. you can simply modify the quota template with the new settings that you want for all the 100 folders. on demand.mspx?mfr Reference: Introduction to File Server Resource Manager http://technet2. Delete and create the quota template again.com/windowsserver/en/liBRary/3510fd7c-cbfc-4f67-b4fcd7de7c13373b1033. The corporate network of the company runs Windows Server 2008 servers. apply it to all the folders. C. To manage storage resources on a remote computer.

com . Install the Line Printer Daemon (LPD) Services role service on Certkiller Server1. The domain also consists of computers that run UNIX operating system.microsoft. A soft quota does not enforce the quota limit but generates all configured notifications.msp QUESTION 93: You are an enterprise administrator for Certkiller . C. A hard quota cannot be used because it prevents users from saving files after the space limit is reached and generates notifications when the volume of data reaches each configured threshold. D. Reference: Working with Quotas http://technet2.com/windowsserver2008/en/library/fa248320-c5a5-4c40-82371bc22eb8253d1033. Install the File Server role and activate the services for the NFS Role Service option on Certkiller Server1. you want to receive a notification when a user stores more than 500 MB of data in the shared folder. An indirect quota Answer: C Explanation: To allow users to store more than 500 MB of data in the shared folder and to receive a notification when a user stores more than 500 MB of data in the shared folder. Which of the following elements would you create to accomplish this task? A. B. E. B.com. A Passive Screening File Screen.The Power of Knowing . A soft quota.) A. The corporate network of Certkiller consists of a file server that runs Windows Server 2008.070-642 QUESTION 92: You are an enterprise administrator for Certkiller . An Active Screening File Screen. Which of the following options would you choose to centralize printing on Certkiller Server1 for both UNIX and Windows users? (Select all that apply. A hard quota. All the network users store data on the file server on a shared folder. However. Because the data stored by the network users is critical for the company. you need to create a soft quota. Actualtests. The domain runs a member Windows Server 2008 called Certkiller Server1. The default Print Server role is installed on Certkiller Server1. you don't want to deny users to store data on the shared folder when they exceed their 500 MB limit of data storage. The corporate network of Certkiller consists of a single Active Directory domain called Certkiller .

Microsoft suggests the use of Group Policy for setting up computers and WSUS in clients. which enables UNIX-based computers or other computers that are using the Line Printer Remote (LPR) service to print to shared printers on this server.microsoft.exe /detectnow and wuauclt. wuauclt.com .wsus. You can use Print Services for UNIX to make your Windows computer work as a Line Printer Daemon (LPD) and Remote Line Printer client Reference: Overview of Print Services/ LPD Service http://technet2.msp Reference: HOW TO: Install and Configure Print Services for UNIX http://support.exe /reauthorization command on each server. Run the wuauclt. The Line Printer Daemon (LPD) Service installs and starts the TCP/IP Print Server (LPDSVC) service. Install the Internet Printing server role on Certkiller Server1.exe /detectnow command on each server. you install WSUS on a server named Certkiller 3. C. Which of the following actions would you perform next to configure all of the servers to receive updates from Certkiller 3? A. Run the wuauclt. you need to configure the Windows Update Settings on each server by using the local group policy.com/windowsserver2008/en/liBRary/b7ccec81-c84b-4533-9a7b53bdaed2f7841033.html Actualtests. Answer: B. Reference: What does wuauclt. To keep the servers updated with latest updates. C Explanation: To provide support to the UNIX users who print on Certkiller Server1.070-642 C. Use Control Panel to configure the Windows Update Settings on each server.info/forums/lofiversion/index. Configuring the Windows Update Settings on each server would be quite time consuming Configure the Windows Update Settings on each server by using the local group policy. None of the above Answer: C Explanation: To configure all of the servers to receive updates from Certkiller 3. B.com/kb/324078 QUESTION 94: Certkiller has opened a new BRanch office where 10 standalone servers run Windows Server 2008.exe / reauthorization force the update detection and reauthorization respectively and therefore cannot be used for configuration. Configure the printers on Certkiller Server1 to use Line Printer Remote printing. E. D.The Power of Knowing . D. Use the local group policy to configure the Windows Update Settings on each server.microsoft.php?t6505.exe /detectnow do http://www. you need to either install the Line Printer Daemon (LPD) Services role service on Certkiller Server1 or configure the printers on Certkiller Server1 to use Line Printer Remote printing.

you configure a Secure Sockets Layer (SSL) on the WSUS server. you discover that the connection between SQL server and WSUS server is not secure. Which two actions should you perform to make sure that the database connection is secure? (Choose two answers. While capturing data on the server. you install Windows Update Server (WSUS) on a server named CKW1 on a network. Put the database on WSUS server B. you decided to perform a security audit of a DC1 and installed the Microsoft Network Monitor 3. To store WSUS database. You have to change the URL configured for the clients to connect to WSUS server. QUESTION 96: You are an enterprise administrator for Certkiller .The Power of Knowing . Other options like installing both SQL server and WSUS on standalone computers are not valid because their membership in the domain has no effect on the data security exchanged between the two servers.com. Install SQL server on one server and WSUS on the other server. The WSUS SSL deployments have some security limitations. You can place the database on WSUS server and configure IPSec on the network.co. Both servers should be stand-alone servers D. Secure the connection between SQL server and WSUS server by configuring Internet Protocol Security (IPSec) on the connection C. While testing the whole process. Then you can deploy IPSec between the WSUS and SQL server to encrypt all traffic between them. you use remote SQL.0 on it.nz/chakkaradeep/4564 QUESTION 95: Certkiller . As a network administrator at Certkiller . Configure the connection between WSUS server and SQL server by using IPv6 IP addresses.com . Each answer is a part of the complete solution) A.0 SP1 (Windows Server 2008) http://www. you find that only some of the captured frames display host mnemonic names in the Source and the Destination columns while all other frames display IP addresses. To check the security of the corporate network. The corporate network of the company consists of a Windows Server 2008 server called DC1 that works as a domain controller. You should place the database on the WSUS server to secure the database connection in this scenario. The SSL protocol enables client computer and WSUS servers to authenticate the WSUS server and pass encrypted metadata.070-642 Reference: Adding Computers to WSUS 3.geekzone. Make the addresses static Answer: D Explanation The right options are A and D. Actualtests. To encrypt metadata transferring between client machines and downstream WSUS servers.com has servers that run Windows Server 2008.

B. and Certkiller Server3. Run the wecutil cs subscription. D. turning off the aliases doesn't show you the real IP address.com . The company consists of a head office and a BRanch office. The BRanch office consists of three servers called Certkiller Server1. D. B.xml command on Certkiller Server1. So in cases where you'd like to see the real IP address and a resolved name exists. Run the wevtutil im subscription. you need to populate the Aliases table and apply the aliases to the capture. To monitor Certkiller Sever2 and Certkiller Server3 from Certkiller server1.xml on Certkiller Server1. However. Which of the following options would you choose to configure a subscription on Certkiller Server1? (Choose two. The corporate network of the company consists of a single Active Directory domain. C. Apply the filter to the capture by creating a new display filter. you discovered that you cannot create a subscription on Certkiller Server1 to collect events from Certkiller Server2 and Certkiller Server3. C. All the three servers run a Server Core installation of Windows Server 2008.technet. Answer: A. Apply the aliases to the capture after populating the Aliases table. E.com/netmon/ QUESTION 97: You are an enterprise administrator for Certkiller . None of the above Answer: A Explanation: To display mnemonic host names instead of IP addresses for all the frames.070-642 Which of the following options would you choose to display mnemonic host names instead of IP addresses for all the frames? A. Aliases table display mnemonic host names. Reference: Network Monitor/ SourceNetworkAddress and DestinationNetworkAddress http://blogs. Enable the Enable Conversations option in the Network Monitor application and then recapture the data to a new file. Each correct answer presents part of the solution.xml command on Certkiller Server1. you decided to configure the Event Logs subscription on Certkiller Server1. B Actualtests.The Power of Knowing . Apply the filter to the capture by creating a new capture filter.xml file.) A. Create an event collector subscription configuration file called subscription. Certkiller Server2. Use Event Viewer on Certkiller Server1 to create a custom view and export the custom view to subscription. All the servers in the domain run Windows Server 2008.

070-642 Explanation: To configure a subscription on Certkiller Server1. So we pass it a "/frame" parameter which tells it to stop the capturing after 10 hours and exit NMCap. The corporate network of the company consists of a Windows Server 2008 server called DC1 that works as a domain controller.cap /stopwhen /timeafter 10hours as arguments. The next parameters "/capture /file %1" tells NMCap what to filter out. D.exe as the application name and provide the /networks * /capture &LDAP /file C:\LDAPData. you created a scheduled task and added a new 'Start a program action' to the task.com/windowsserver2008/en/liBRary/0c82a6cb-d652-429c-9c3d0f568c78d54b1033. which support WS-Management protocol.The Power of Knowing . defines which network interface we are capturing on. In this case.xml command will create a subscription to forward events from a Windows Vista Application event log of a remote computer at Certkiller .0 on it.cap /stopwhen /timeafter 10hours as arguments. You need to then run the wecutil cs subscription. you decided to perform a security audit of a DC1 and installed the Microsoft Network Monitor 3.exe as the application name and provide the /networks * /capture !LDAP /file C:\LDAPData. Which of the following options would you choose to add the application name and the application arguments to the new action? A.com .cap /stopwhen /timeafter 10hours as arguments. In this case it tells to filter LDAP to C:\LDAPData. C. Add nmconfig.com to the ForwardedEvents log.msp QUESTION 98: You are an enterprise administrator for Certkiller . Add nmcap. B. Add netmon. This command enables you to create and manage subscriptions to events that are forwarded from remote computers. wecutil cs subscription.cap. You decided to capture all the LDAP traffic that comes to and goes from the server between 21:00 and 07:00 the next day and save it to the C:\LDAPData.cap file. To accomplish this task. To check the security of the corporate network.xml.microsoft.exe as the application name and provide the /networks * /capture LDAP /file C:\LDAPData.exe as the application name and provide the /networks */capture LDAP /file C:\LDAPData. Add nmcap. the "/stopwhen" directive. Reference: Wecutil http://technet2. Answer: C Explanation: The "/network". The last part of NMCap. you need to first create an event collector subscription configuration file and Name the file subscription. Actualtests. we say "*" for all interfaces.cap /stopwhen /timeafter 10hours as arguments. that allows it to determine when NMCap should stop capturing.xml command on Certkiller Server1.

C. The corporate network of the company consists of servers that run Windows Server 2008. Now you don't want the DHCP clients from receiving IP addresses that are currently in use on the network.com. which has recently failed. However. All the servers on the corporate network run Windows Server 2008.com. As an Enterprise administrator of the company. you need to uncheck Internet Protocol Version 6 (TCP/IPv6) from the Local Area Connection Properties window.com/netmon/Default. but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface. Run the netsh ras ipv6 set command.The Power of Knowing . All computers are members of the Active Directory domain. Which of the following options would you choose to disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback interface? A.com/technet/network/ipv6/ipv6faq. The corporate network of the company consists of a single Active Directory domain.microsoft. This is because unlike Windows XP and Windows Server 2003.aspx?p=2 QUESTION 99: You are an Enterprise administrator for Certkiller .exe. Uncheck Internet Protocol Version 6 (TCP/IPv6) from the Local Area Connection Properties window. Answer: D Explanation: To disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback interface. Run the netsh interface ipv6 delete command. Reference: IPv6 for Microsoft Windows: Frequently Asked Questions http://www. The domain consists of a server called Certkiller Server1 that runs the Network Access Policy server role. Remove the IPv6 protocol by using ipv6.technet. obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list. B. IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. Which of the following options would you choose to prevent DHCP clients from receiving IP addresses that are currently in use on the network? Actualtests. you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following: In the Network Connections folder. This method disables IPv6 on your LAN interfaces and connections. The company consists of a DHCP server. you restored the DHCP database by using a recent backup. D.070-642 Reference: Network Monitor/ Stop That Capture: How does NMCap get stopped? http://blogs.mspx QUESTION 100: You are an Enterprise administrator for Certkiller .com .

Set the metric value to 1 in the properties of the LAN2 network connection.com. B.The Power of Knowing . Set the metric value to 1 in the properties of the LAN1 network connection. Set the DHCP server option to 44. C. C. The corporate network of the company consists of a single Active Directory domain. When this value is increased to the value of 1 or 2. Which of the following options would you choose to prevent the Certkiller DHCP1 from responding to DHCP client requests on LAN2 while allowing it to continue to respond to non-DHCP client requests on LAN2? A. The Change Server Connection Bindings option in DHCP Snap-in allows you to view the connections through which the DHCP server is providing addresses. Set the Conflict Detection value to 2. E. called Certkiller DHCP1 that has two network connections named LAN1 and LAN2. D. All the servers on the corporate network run Windows Server 2008. "Conflict detection attempts" is set to 0. Create a new multicast scope from the DHCP snap-in. B.com/article/articleid/47133/how-can-i-enable-conflict-detection-on-my-dhcp-server.html QUESTION 101: You are an Enterprise administrator for Certkiller . The network consists of a DHCP server.070-642 A. which means that DHCP server should not check the addresses that it is assigning to its clients. Answer: D Explanation: To prevent DHCP clients from receiving IP addresses that are currently in use on the network.com . None of the above Answer: D Explanation: To prevent the Certkiller DHCP1 from responding to DHCP client requests on LAN2 while allowing it to continue to respond to non-DHCP client requests on LAN2. By default. If you have Actualtests. Set the Conflict Detection value to 0. All computers are members of the Active Directory domain. you need to modify the bindings to associate only LAN1 with the DHCP service from the DHCP snap-in. Set the DHCP server option to 15. this would enable the DHCP server to check once or twice to determine whether the address is in use before giving it to a client Reference: How can I enable conflict detection on my DHCP server? http://windowsitpro. Modify the bindings to associate only LAN1 with the DHCP service from the DHCP snap-in. D. you need to set the Conflict Detection value to 2.

you need to assign the Client (Respond Only) IPsec policy to all client computers.petri. and Troubleshooting DHCP/ DHCP Server Common Commands http://www. E. the client will respond appropriately. Reference: What are IPSEC Policies and how do I work with them? http://www. The domain consists of a server called Certkiller Server1 on which the Secure Server (Require Security) IPsec policy is assigned by using a GPO. can configure DHCP for only selected interfaces. if a server requests that the client go into secure communications mode. However.htm Actualtests. This policy is designed to be run on client machines that don't normally need to worry about security.com. Restart the IPsec Policy Agent service on Certkiller Server1. Once this policy has been applied. B. Reference: Implementing. the network users reported that they fail to connect to Certkiller Server1. D. Assign the Client (Respond Only) IPsec policy to all client computers. the server will neither send nor accept insecure communications. All computers are members of the Active Directory domain.com/articles/article.The Power of Knowing .070-642 multiple network adapters in a DHCP server. C.il/what_are_ipsec_policies. None of the above Answer: A Explanation: The network users fail to connect to Certkiller Server1 when Secure Server (Require Security) IPsec policy was assigned because this policy require all communications to be secure. Managing. The policy is designed in such a way that the client will never initiate secure communications on its own. Assign the Client (Respond Only) IPsec policy to Certkiller Server1. Which of the following options would you choose to ensure that users can connect to Certkiller Server1 and all connections to Certkiller Server1 must be encrypted? A.aspx?p=684650&seqNum=5 QUESTION 102: You are an Enterprise administrator for Certkiller . Any client wanting to communicate with the server must use at least the minimum level of security described by the policy. after this assignment.informit. All the servers on the corporate network run Windows Server 2008 and all client computers run Windows Vista. You can click the Bindings button to view and configure the binding on your computer. However.co. The network users may not be fulfilling the defined security requirements.com . The corporate network of the company consists of a single Active Directory domain. Assign the Server (Request Security) IPsec policy to Certkiller Server1. To ensure that users can connect to Certkiller Server1 and all connections to Certkiller Server1 must be encrypted.

net.com. Only limited numbers of DNS records are transferred to the DNS server in the branch office.root-servers. You have been asked to install DNS on a member server in a branch office and ensure that: 1. C Explanation: To prevent the DNS server from sending queries to blast. The company consists of a head office and a branch office. How should you accomplish this? A. Because ethe root hints are enabled. The DNS server in the branch office is able to query any DNS server in the head office. 2. The corporate network of the company consists of Active Directory integrated DNS.root-servers. D. On the DNS server.root-servers. Install a DNS server in the branch office and configure a primary zone on it. disable the netmask ordering option. Which of the following options would you choose to prevent the DNS server from sending queries to blast.The Power of Knowing .com . The corporate network of the company consists of servers that run Windows Server 2008 and multiple DNS servers in the head office. Enable forwarding to your ISPs DNS servers. you run a network capture and noticed that the DNS server is sending DNS name resolution queries to a server named blast.microsoft. configure the Reverse Lookup Zones. you need to disable the root hints on the DNS server. For the IP subnets on the network.) A.com/windowsserver2008/en/library/aeb2265d-8965-4b7e-bb28704c36be4d401033. Root hints are used to enable any DNS server to locate the DNS root servers. Forwarding enables you to route name resolution through specific servers instead of using root hints. Actualtests. you need to enable forwarding to your ISPs DNS servers. On the DNS server.net. the DNS server was sending all queries to blast.net. The servers on the network run Windows Server 2008. Answer: B.net and make sure that it must be able to resolve names for Internet hosts? (Choose two.root-servers. As a part of your routine security check. Reference: Reviewing DNS Concepts/ Recursive name resolution http://technet2.ms QUESTION 104: You are an Enterprise administrator for Certkiller . Each correct answer presents part of the solution.com. Next to resolve names for Internet hosts. B.070-642 QUESTION 103: You are an Enterprise administrator for Certkiller . C. disable the root hints.

Install a DNS server in the branch office and configure a stub zone on it. This means that only limited numbers of DNS records are transferred to the DNS server in the branch office and replicating zone information from master to stub zone adds almost nil DNS traffic to your network as the records for name servers rarely change unless you decommission an old name server or deploy a new one. E. C. Reference: DNS Server Role http://technet2. A stub zone is a copy of a zone that contains only the resource records that are necessary to identify the authoritative DNS servers for that zone.dada. create a new Service Locator (SRV) Actualtests. Install a DNS server in the branch office and configure a stub zone on the DNS server in the head office.com consists of a server called TechBlasterServer2 that runs the DNS server role. or a records for other hosts in the zone. TechBlasters. All of the above Answer: B Explanation: To ensure that the DNS server in the branch office is able to query any DNS server in the head office and that only limited number of DNS records that are transferred to the DNS server in the branch office.blog.com. you need to.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c433bd018f66d1033. they are always very small.The Power of Knowing . MX records.com .com. a records for all name servers authoritative for the zone and no CNAME records.com. The master for the stub zone on Certkiller Server1 is Certkiller Server2.microsoft.com consists of a server called Certkiller Server1 that runs the DNS server role and the network of TechBlasters. Install a DNS server in the branch office and configure a secondary zone on it. Because a stub zone contain only a copy of the SOA record. All the servers on the corporate network of both the companies run Windows Server 2008.net/post/439393/What+is+Stub+zone+in+DNS QUESTION 105: You are an Enterprise administrator for Certkiller .070-642 B. Recently the Certkiller Server2 fails and the users are not able to resolve names for the partner company. Therefore it needs to be configured at the branch office only.msp Reference: What is Stub zone in DNS/ What Stub Zones Do http://caloni00net. SRV records. NS records for all name servers authoritative. The network of Certkiller . just a few records. Which of the following options would you choose to ensure that users are able to resolve names for techblasters. D. A stub zone keeps a DNS server hosting a parent zone aware of the authoritative DNS servers for its child zone.com in such a scenario? A. install a DNS server in the branch office and configure a stub zone on it. A stub zone exists on Certkiller Server1. The company works in collaboration with a partner company called TechBlasters. In the primary DNS zone on TechBlasterServer2.

Change the stub zone to a secondary zone on Certkiller Server1.windowsnetworking. To ensure that users are able to resolve names for techblasters. Weight Protocol. Priority. Canonical Name (CNAME) C. Well-Known Service (WKS) E. then the stub zone records eventually expire. In the SOA record for the zone on TechBlasterServer2. The company consists of two Servers called Certkiller Server1 and Certkiller Server2.The Power of Knowing . and Host offering this service for the custom application? A. C. Answer: D Explanation: Users are not able to resolve names for techblasters. Although it contains read-only zone information. Which of the following type of records would you create to configure DNS on Certkiller Server1 to include the parameters such as Service. it requires the IP address of at least one DNS server in the source domain to the DNS server hosting the stub zone.asp?EditorialsID=641 Reference: DNS Stub Zones in Windows Server 2003 http://www. Host Info (HINFO) D.com/articles_tutorials/DNS_Stub_Zones.com in such a scenario. The Certkiller Server1 is a domain controller that runs DNS server role and Certkiller Server2 runs a custom application. If this server goes down. D. The corporate network of the company consists of servers that run Windows Server 2008. This is because the primary name server notifies the secondary zone server keeps an identical copy of the primary zone.com because the master server has failed.070-642 record and a new host (A) record for Certkiller Server1. Service Locator (SRV) B. Port number.com/columns/article. B. In the DNS zone on TechBlasterServer2. change the Minimum (default) TTL setting to 12 hours. Actualtests. create a new RouteThrough (RT) record and a new host (A) record for Certkiller Server1. None of the above Answer: A Explanation: To configure DNS on Certkiller Server1 to include the parameters such as Service.com . You need to remove stub zone because . Reference: The Long and Short of Stub Zones / What Happens if a Source Server Goes Offline? http://redmondmag.com. it can resolve names of the existing names. you need to change the stub zone to a secondary zone on Certkiller Server1.html QUESTION 106: You are an Enterprise administrator for Certkiller .

2.2. Weight Protocol. An SRV record or Service record is a category of data in the Internet Domain Name System specifying information on available services. At the command prompt. At the command prompt. Service locator (SRV) resource record.com/windowsserver/en/library/9b561e1b-9a0d-43e5-89a89daf07afac0d1033. The company has recently installed an additional DNS services on a server called Certkiller Server1.3 PTR In the above command the DNS namespace of the Pointer (PTR) resource record is specified by targeted_domain_name.in-addr. The corporate network of the company consists of a single Active Directory domain.127. Reference: SRV Record http://en. All the servers on the corporate network run Windows Server 2008.2.3. C. None of the above Answer: A Explanation: To delete the pointer record for the IP address 10.The Power of Knowing .3. run the dnscmd /RecordDelete 10.in-addr.com.3.3.arpa.arpa. The rest of the commands cannot be used because they cannot delete a PTR record. Port number.org/wiki/SRV_record Reference: Resource records reference / SRV http://technet2.2. This is often used in special domains such as the in-addr.3 PTR command B. 127. A PTR record always has a Reverse Lookup zone and reverse look-up files refer to domains by reversing the IP address octets.2. run the dnscmd /ZoneDelete 127.127.com/windowsserver/en/library/9b561e1b-9a0d-43e5-89a8Actualtests.in-addr. This record enables you to maintain a list of servers for a well-known server port and transport protocol type ordered by preference for a DNS domain name. run the dnscmd /RecordDelete 10. and Host offering this service for the custom application.3. the filenames are usually similar.in-addr. you need to use the command run the dnscmd /RecordDelete 10.microsoft.arpa command E.070-642 Priority.wikipedia.microsoft. The above given command will delete all PTR records at the 10. 127.arpa domain tree to provide reverse lookups of address-to-name mappings. 127. which is the IP address of the Reverse loop up zone for the zone 10.127 command. Allows multiple servers providing a similar TCP/IP-based service to be located using a single DNS query operation. Reference: Delete a resource record from a zone http://technet2. Therefore the IP address you specify is 10. you need to configure Service Locator (SRV) records.127 address.2.2. Which of the following options would you choose to delete the pointer record for the IP address 10.com . D.in-addr. Delete the 127.arpa.arpa zone by using DNS manager.127? A.3 PTR. At the command prompt.2.mspx?mf QUESTION 107: You are an Enterprise administrator for Certkiller .

In the Start Of Authority (SOA) record for the zone. The company consists of a head office and two branch offices that are connected through WAN. The DNS servers in the branch offices use the main office DNS server as the DNS Master server for the zone. Reference: DNS Resource Records/ SOA Record Data Fields http://www.070-642 9daf07afac0d1033.com . decrease the Refresh Interval setting. The Active Directory-integrated zone is configured in the head office for the domain.com. you need to increase the Refresh Interval setting in the Start Of Authority (SOA) record for the zone.shtml#topic2 QUESTION 109: You are an Enterprise administrator for Certkiller .windowsitlibrary. This is because the Refresh interval tells the secondary nameserver how often to poll the primary nameserver and how often to check for a serial number change. disable the netmask ordering option. In the Start Of Authority (SOA) record for the zone.mspx?mf Reference: Domain Name Service Basics http://www. D. C. In the properties of the DNS Master server for the zone.com/Content/212/03/3.com. The branch office hosts a DNS secondary zone on a DNS server Actualtests. Which of the following options would you choose to minimize DNS zone transfer traffic over the WAN links? A. The corporate network of the company consists of servers that run Windows Server 2008. All the servers on the corporate network run Windows Server 2008. If the refresh interval is higher that the transfers will occur less frequently and the DNS zone transfer traffic over the WAN links will be minimized. This interval effects how long it takes for DNS changes made on the primary nameserver to propagate.The Power of Knowing . Both the branch offices consist of a member server that hosts a secondary zone for the domain. The corporate network of the company consists of a head office and a branch office. B.cisco.html QUESTION 108: You are an Enterprise administrator for Certkiller . In the Start Of Authority (SOA) record for the zone.com/en/US/tech/ CK6 48/ CK3 62/technologies_tech_note09186a0080094727. The head office consists of three domain controllers that run DNS service on them. Answer: C Explanation: To minimize DNS zone transfer traffic over the WAN links. The head office consists of a domain controller called Certkiller DC1 that hosts a DNS primary zone. decrease the Retry Interval setting. increase the Refresh Interval setting.

set the refresh interval to 10 minutes. To remove the stale record. Restart the DNS Server service on Certkiller DC1. you changed the IP address of an existing server named Certkiller SRV2 in the head office. All client computers on the network are configured to use their local server for DNS resolution. All the servers on the corporate network run Windows Server 2008. you enabled DNS scavenging on Certkiller Server1. Certkiller .070-642 named Certkiller SRV1.com. you again noticed that the same stale resource records still lay na. after three weeks.com. C. you need to Actualtests.co.com .com. Run the "dnscmd" Certkiller Server1 /StartScavenging command. During your routine security check.com zone. Certkiller . Certkiller . D.com zone integrated with ADDS and loaded at the server.com even after enabled DNS scavenging on Certkiller Server1 because the Certkiller Server1 may not have na.com? A. you noticed a few stale resource records in the na. Certkiller .com. The corporate network of the company consists of an Active Directory forest that has single Active Directory domain called na. Which of the following options would you choose to ensure that Certkiller SRV1 reflects the change immediately? A. Stop and restart the DNS service on Certkiller Server1. On the StartOf Authority (SOA) record.il/dnscmd_command_in_windows_2000_2003.The Power of Knowing .htm QUESTION 110: You are an Enterprise administrator for Certkiller . B. To accomplish a given task. you need to run the dnscmd command on Certkiller SRV1 and use the /zonerefresh option for the command The dnscmd /zonerefresh option will manually force zone replication on Certkiller SRV1 Reference: How can I easily administer DNS servers by using the command prompt? http://www. Certkiller .petri. None of the above Answer: B Explanation: You again noticed the same stale resource records still lay na. Run the dnscmd /zonerefresh command on Certkiller DC1. E. Which of the following options would you choose to ensure that the stale resource records are removed from na. Run the dnscmd Certkiller Server1 /AgeAllRecords command. C. However. B.com zone. The network consists of a server called Certkiller Server1 that runs the DNS server role. To ensure that the stale resource records are removed from na. Certkiller . Run the dnscmd /zonerefresh command on Certkiller SRV1 Answer: D Explanation To ensure that Certkiller SRV1 reflects the change immediately. Enable DNS scavenging on the na. Certkiller . D. Certkiller .

The aging and scavenging can be configured for specified zones on the DNS server to make sure that the stale records are removed from the specified zone. 802.biztechmagazine. Create a Group Policy object (GPO) and link it to the domain and then set the Require trusted path for credential entry option to Enabled.070-642 enable DNS scavenging on the na. Create a Group Policy object (GPO) and link it to the Domain Controllers organizational unit (OU) and then enable the Security Center. Reference: Enable Aging and Scavenging for DNS http://technet2. The company consists of a head office and a branch office. Dynamic Host Configuration Protocol (DHCP) and VPN.com/article.com. The corporate network of the company consists of servers that run Windows Server 2008.asp?item_id=382 Reference: Enabling NAP on clients through group security policies http://forums. The head office of the company has Network Access Protection (NAP) enforcement deployed for VPNs.microsoft. NAP restricts clients using the following enforcement methods: IP security (IPsec). either wirelessly or physically using the Security Center. to enable NAP on all the clients in your domain.microsoft. Create a Group Policy object (GPO) and link it to the domain and then enable the Security Center. D.com .technet.msp QUESTION 111: You are an Enterprise administrator for Certkiller . which are connected through VPN connectivity. The solution was restricted to dial-up/VPN clients only.The Power of Knowing . C. NAP improves on this functionality by additionally restricting clients that connect to a network directly. which provided the ability to restrict access to a network for dial-up and virtual private network (VPN) clients. Certkiller . B.com/en-US/winserverNAP/thread/749e65c7-42fa-40da-84b8-c8edc62b3eda/ QUESTION 112: Actualtests.com/windowsserver2008/en/library/7972082c-22a1-44fc-8e39841f7327b6051033. you should create a group policy and link it to a domain and then enable the Security Center Reference: Network Access Protection http://www.1x. However. Which of the following options would you choose to ensure that the health of all clients can be monitored and reported? A. Answer: B Explanation: The NAP replaces Network Access Quarantine Control (NAQC) in Windows Server 2003. Create a Group Policy object (GPO) and link it to the Domain Controllers organizational unit (OU) and then enabled the Require trusted path for credential entry option.com zone.

E. The use of smart cards for user authentication is the strongest form of authentication in the Windows Server2003 family. B. The TCP/IP properties for the file server showed that it is configured to obtain IP address automatically and the users computers were configured with IP addresses and subnet masks. Use WPA2. 802. and MSCHAP v2 and also require strong user passwords.microsoft. the users reported that they are unable to access the shared files.1X authentication and EAP-TLS. C. Which of the following options would you choose to configure the wireless network to accept smart cards? A.com. How should you configure the TCP/IP properties on the file server? A. Reference: Using smart cards for remote access http://technet2. C.The Power of Knowing . and MSCHAP v2. you must use the Extensible Authentication Protocol (EAP) with the Smart card or other certificate (TLS) EAP type. Use WPA. you need to configure a static IP Actualtests. Answer: C Explanation: To ensure that users are able to access the shared files. However. The company has Active Directory Certificate Services (AD CS) and Network Access Protection (NAP) deployed on the network. also known as EAP-Transport Level Security (EAP-TLS).1X authentication and EAP-TLS.com . Add the domain to the DNS suffix on the network interface. Configure the file server with static IP address. Configure the DNS server address. The corporate network of the company consists of a single Active Directory domain. None of the above Answer: C Explanation: To configure the wireless network to accept smart cards.com. PEAP. D.1X authentication. You have deployed a file server on the corporate network on a server that runs Windows Server 2008. You configured a shared folder on the server so that users can access shared files on the file server. For remote access connections. you need to use WPA2. B. Use WPA2. and MSCHAP v2. PEAP. 802. 802. All the servers on the corporate network run Windows Server 2008.070-642 You are an Enterprise administrator for Certkiller . Use WEP. D. PEAP. Configure the default gateway on the file server.mspx?m QUESTION 113: You are an Enterprise administrator for Certkiller . You need to ensure that users are able to access the shared files.com/windowsserver/en/library/c19be042-6b5c-407a-952d-fb6f451b5edd1033.

com\dfs. All domain users store their data in subfolders within the DFS namespace.com. from creating new folders or new files at the root of the \ Certkiller . changing.net/forum/affich-2335-need-help-to-setup-a-lan-connection-between-2 QUESTION 114: You are an Enterprise administrator for Certkiller . Reference: need help to setup a lan connection between 2 http://en.The Power of Knowing . start the Delegate Management Permissions Wizard for the DFS namespace named \ Certkiller .com. All the servers on the corporate network run Windows Server 2008. first configure the NTFS permissions for the C:\DFSroots\dfs folder and then set the Create folders/append data special permission to Deny for the Authenticated Users group and set the Full Control permission to Allow for the Administrators group. D. the Ethernet adapters will need to be configured with a static IP address and a common Subnet mask.kioskea. E.com/articles/article.255.com\dfs and then remove all groups that have the permission type Explicit except the Administrators group.1 and assign the second PC an IP address of 192.com\dfs share? A. None of the above Answer: C Explanation: To prevent all users.exe \ Certkiller FS1\dfs /restore command on Certkiller FS1. C. except administrators. The company has a server named Certkiller FS1 that hosts the domain-based DFS namespace named \ Certkiller .255.com . As an example. Reference: Managing Files and Folders in Windows Vista http://www.198. On Certkiller FS1. Configure the \ Certkiller FS1\dfs shared folder permissions by setting the permissions for the Authenticated Users group to Reader and the Administrators group to Co-owner. from creating new folders or new files at the root of the \ Certkiller .informit. B.0.0.070-642 address on the file server because In order for both PC's to be able to communicate together. Run the dfscmd.aspx?p=698129&seqNum=29 QUESTION 115: You are an Enterprise administrator for Certkiller . The corporate network of Actualtests. Which of the following options would you choose to prevent all users. Both machines should use the Subnet mask 255. and deleting all files.2. On Certkiller FS1.198.0. adding.com\dfs share. except administrators. you need to configure the \ Certkiller FS1\dfs shared folder permissions by setting the permissions for the Authenticated Users group to Reader and the Administrators group to Co-owner Reader is allowed to only view the files and folders and a Co-owner is allowed viewing. assign one PC an IP address of 192. The corporate network of the company consists of a single Active Directory domain.

Which of the following options would you choose to restore the company's Windows SharePoint Services (WSS) site to Certkiller Server2. applications. Run Wbadmin to restore the application and the sites from backup. E.com.msp Reference:Active Directory Backup and Restore in Windows Server 2008 http://technet. Run Wbadmin and restore the system state. The Certkiller PrintServer2 is recently added to the Print Management console on Certkiller PrintServer1. However. The print server located in the head office was named as Certkiller PrintServer1 and the print server located in the branch office was named as Certkiller PrintServer2.com/windowsserver2008/en/library/4b0b3f32-d21f-4861-84bbb2eadbf1e7b81033. To get rid of the problem. you need WSS on Certkiller Server2 and therefore you need to install WSS on it. you installed another server called Certkiller Server2 with Windows Backup and Restore utility. None of the above Answer: B Explanation: To restore the company's Windows SharePoint Services (WSS) site to Certkiller Server2. Which of the following options would you choose to send an automatic notification to the users when a printer is not available? Actualtests.microsoft. to run the WSS site. Both the offices of the company consist of a print server each. Run Wbadmin Start Recovery on the command line and then install WSS.microsoft. A.com/windowsserver2008/en/library/4b0b3f32-d21f-4861-84bbb2eadbf1e7b81033.com . On a network server called Certkiller Server1.The Power of Knowing . C. However due to some reason the Certkiller Server1 failed and stopped responding. Certkiller PrintServer1 manages 15 printers and Certkiller PrintServer2 manages seven printers. The Windows Backup and Restore utility is installed. Reference: http://technet2.msp http://technet2. D. Run Wbadmin Get Versions on the command line and then install WSS.microsoft.aspx QUESTION 116: You are an Enterprise administrator for Certkiller . B. The Start Recovery option will run a recovery of the volumes. you need to run Wbadmin with the Start Recovery option and then install WSS on the Server.070-642 the company consists of servers that run Windows Server 2008. or folders specified and will recover the application and sites.com/en-us/magazine/cc462796(TechNet.10). The corporate network of the company consists of servers that run Windows Server 2008. The company consists of a head office and a branch office. files.

On Certkiller PrintServer1 and Certkiller PrintServer2. You should not use the With Jobs printer filter because this filter will bring out the filters that already have print jobs and are working. All servers in the domain run Windows Server 2008.windowsnetworking. configure an e-mail notification. Forwarded Events log on Certkiller 4. For the Printers Not Ready printer filter. or a script can be specified to be run when the condition is met. To accomplish this task you created a default subscription on Certkiller 4 for Certkiller 5. B. Forwarded Events log on Certkiller 5. The Printers Not Ready filter can help you to quickly find out which printers are not ready by selecting the Printers Not Ready node and the email notifications can be sent when the filter condition is met. On Certkiller PrintServer1 and Certkiller PrintServer2.com . enable the Show informational notifications for local printers option. C. D. For the Printers With Jobs printer filter.The Power of Knowing . Reference: Using Printer Filters http://www.070-642 A. E. None of the above Answer: B Actualtests.microsoft.html Reference: Create a New Printer Filter http://technet2.com/articles_tutorials/Managing-Printers-Windows-Server-2003-R2. you need to use the default print filter called Printers Not Ready to sort the filters that are not in working condition and then configure an email notification for the users telling them that the printer is not available.com/windowsserver2008/en/library/0ba8afd8-40fb-440a-8c954b3aebd219281033. B. Which of the following event logs would you select. You wanted to configure Event forwarding and subscription in the domain server. C. enable the Show informational notifications for network printers option. D. configure an e-mail notification. Application log on Certkiller 5. System log on Certkiller 4. to review the system events for Certkiller 5? A. E.msp QUESTION 117: The corporate network of Certkiller consists of a Windows Server 2008 single Active Directory domain that contains two domain controllers named Certkiller 4 and Certkiller 5. None of the above Answer: B Explanation: To send an automatic notification to the users when a printer is not available.

The Event Collector service can automatically forward event logs to other remote systems. Reference: Event Viewer http://en.The Power of Knowing .org/wiki/Event_Viewer Actualtests.wikipedia. you need to view theForwarded Events log on Certkiller 4. running Windows Vista or Windows Server 2008 on a configurable schedule.070-642 Explanation: To review the system events for Certkiller 5. Event logs can also be remotely viewed from other computers or multiple event logs can be centrally logged and monitored agentlessly and managed from a single computer. which is configured to centrally manage events.com .