TS: Windows Server 2008 Network Infrastructure, Configuring
Question No: 201 – (Topic 3)
Your network contains an Active Directory forest named contoso.com. Contoso.com contains three domain controllers that run Windows Server 2008 R2 and three domain controllers that run Windows Server 2003. All domain controllers are configured as DNS
You configure the contoso.com zone to use DNSSEC.
You need to ensure that the zone only replicates to DNS servers that support DNSSEC. What should you do first?
Modify the Notify settings of the contoso.com zone.
Create an application directory partition.
Move the contoso.com zone to the ForestDnsZones application directory partition.
Add a server certificate to the Windows Server 2003 DNS servers.
Question No: 202 – (Topic 3)
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 contains two shared folders named Share1 and Share2. The shared folders are located on the same volume.
You need to prevent users from storing more that 100 MB of data in Share1 only. What should you install on Server1?
File Server Resource Manager (FSRM)
Network Policy Server (NPS)
Services for Network File System (NFS)
Windows System Resource Manager (WSRM)
Answer: A Explanation:
On the Quota Management node of the File Server Resource Manager Microsoft庐 Management Console (MMC) snap-in, you can perform the following tasks:
Create quotas to limit the space allowed for a volume or folder, and generate notifications when the quota limits are approached or exceeded.
Generate auto apply quotas that apply to all existing subfolders in a volume or folder and to any subfolders that are created in the future.
Define quota templates that can be easily applied to new volumes or folders and then
Question No: 203 – (Topic 3)
Your company has two servers that run Windows Server 2008 R2 named Server2 and Server3. Both servers have the DNS Server server role installed. Server3 is configured to forward all DNS requests to Server2.
You update a DNS record on Server2.
You need to ensure that Server3 is able to immediately resolve the updated DNS record. What should you do?
Run the dnscmd . /clearcache command on Server3.
Run the ipconfig /flushdns command on Server3.
Decrease the Time-to-Live (TTL) on the Start of Authority (SOA) record of na.contoso.com to 15 minutes.
Increase the Retry Interval value on the Start of Authority (SOA) record of na.contoso.com to 15 minutes.
Answer: A Explanation:
Question No: 204 – (Topic 3)
Your network contains one Active Directory domain. You have a member server that runs Windows Server 2008 R2.
You need to immediately disable all incoming connections to the server.
What should you do?
From the Services snap-in, disable the IP Helper.
From the Services snap-in, disable the Netlogon service.
From Windows Firewall, enable the Block all connections option on the Public Profile.
From Windows Firewall, enable the Block all connections option on the Domain Profile.
Question No: 205 – (Topic 3)
Your network contains a file server named Server1 that runs Windows Server 2008 R2.
Server1 hosts a shared folder that stores Microsoft Excel spreadsheets. A new Excel spreadsheet is created each day.
You need to ensure that all Excel spreadsheets that are older than one month are automatically moved to a different folder.
What should you do?
Create an Active Directory Rights Management Services (AD RMS) policy template.
Create a quota for the shared folder.
Create a file management task.
Modify the archive attribute of the shared folder.
Answer: C Explanation:
File expiration tasks are used to automatically move all files that match certain criteria to a specified expiration directory, where an administrator can then back those files up and delete them.
When a file expiration task is run, a new directory is created within the expiration directory, grouped by the server name on which the task was run.
The new directory name is based on the name of the file management task and the time it was run. When an expired file is found it is moved into the new directory, while preserving its original directory structure.
Question No: 206 – (Topic 3)
Your network consists of a single Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2008 R2. All client computers run Windows 7. All computers are members of the Active Directory domain.
You assign the Secure Server (Require Security) IPsec policy to Server1 by using a Group Policy object (GPO). Users report that they fail to connect to Server1.
You need to ensure that users can connect to Server1. All connections to Server1 must be encrypted.
What should you do?
Restart the IPsec Policy Agent service on Server1.
Assign the Client (Respond Only) IPsec policy to Server1.
Assign the Server (Request Security) IPsec policy to Server1.
Assign the Client (Respond Only) IPsec policy to all client computers.
Answer: D Explanation:
Client (Respond Only) – This default policy contains one rule, the default response rule. The default response rule secures communication only upon request by another computer. This policy does not attempt to negotiate security for any other traffic. http://technet.microsoft.com/en-us/library/cc786870(v=ws.10).aspx
Question No: 207 – (Topic 3)
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.nwtraders.com. The network contains a Web server named server1.contoso.com. All client computers run Windows 7.
What should you do?
From the Default Domain Policy Group Policy object (GPO) of corp.nwtraders.com, configure Primary DNS Suffix Devolution.
From the Default Domain Policy Group Policy object (GPO) of corp.nwtraders.com, modify the DNS suffix search list.
From the DNS servers in corp.nwtraders.com, configure a conditional forwarder for contoso.com.
From the DNS servers in corp.nwtraders.com, configure a root hint for contoso.com.
Answer: B Explanation:
For this type of name resolution you need to add a DNS suffix of domains to the DNS Suffix search list to every IP settings of LAN Connections /Advanced settings of IPVx -gt;DNS Tab/ so Domain Policy GPO shoould be used for that. GlobalNames Zone Alias (CNAME) could do the thing with NEtBios resolution either. 😉
Question No: 208 – (Topic 3)
Your company has a network that has an Active Directory domain. The domain has two servers named DC1 and DC2.
You plan to collect events from DC2 and transfer them to DC1. You configure the required subscriptions by selecting the Normal option for the Event delivery optimization setting and by using the HTTP protocol.
You discover that none of the subscriptions work.
You need to ensure that the servers support the event collectors.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
Run the wecutil qc command on DC1.
Run the wecutil qc command on DC2.
Run the winrm quickconfig command on DC1.
Run the winrm quickconfig command on DC2.
Add the DC2 account to the Administrators group on DC1.
Add the DC1 account to the Administrators group on DC2.
Answer: A,D,F Explanation:
To configure computers in a domain to forward and collect events
-Log on to all collector and source computers. It is a best practice to use a domain account with administrative privileges.
-On each source computer, type the following at an elevated command prompt: winrm quickconfig
-On the collector computer, type the following at an elevated command prompt: wecutil qc
-Add the computer account of the collector computer to the local Administrators group on each of the source computers.
Question No: 209 – (Topic 3)
Your company has a single Active Directory domain.
The company has a main office and three branch offices. The domain controller in the main office runs
Windows Server 2008 R2 and provides DNS for the main office and all of the branch offices. Each branch office contains a file server that runs Windows Server 2008 R2.
Users in the branch offices report that it takes a long time to access network resources. You confirm that there are no problems with WAN connectivity or bandwidth. You need to ensure that users in the branch offices are able to access network resources as quickly as possible.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Configure a standard primary zone in each of the branch offices.
Configure forwarders that point to the DNS server in the main office.
Configure a secondary zone in each of the branch offices that uses the main office DNS server as a master.
Install DNS servers in each of the branch offices.
Question No: 210 – (Topic 3)
Your network contains an Active Directory domain. You deploy Network Access Protection (NAP).
You need to verify whether VPN clients have Windows Firewall enabled. What should you configure?
connection request policies
IKEv2 client connections
Group Policy preferences
the RADIUS Authentication authentication provider
remediation server groups
the Windows Authentication authentication provider
the Windows Accounting accounting provider
the RADIUS Accounting accounting provider
system health validators (SHVs)
Answer: I Explanation:
System health validators (SHVs) define configuration requirements for NAP client computers. All SHVs include five error code conditions. If an error code is returned to the SHV, you can choose to have the SHV evaluate the client as either compliant or noncompliant.
100% Ensurepass Free Download!
–Download Free Demo:70-642 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-642 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|