TS: Windows Server 2008 Network Infrastructure, Configuring
Question No: 281 – (Topic 3)
Your network contains an Active Directory domain. The domain contains two DHCP servers named DHCP1 and DHCP2.
On DHCP1, you create a scope named Scope1.
You configure Scope1 as a split scope and add DHCP2 as an additional DHCP server. You need to ensure that DHCP1 and DHCP2 can issue IP addresses.
What should you do from the DHCP console?
Reconcile Scope1 on DHCP2.
Activate Scope1 on DHCP2.
Restart the DHCP Server service on DHCP2.
Update the range of IP addresses on DHCP1.
Answer: B Explanation:
Question No: 282 – (Topic 3)
Your company has a main office and a branch office. The branch office has three servers that run a Server Core installation of Windows Server 2008 R2. The servers are named Server1, Server2, and Server3.
You want to configure the Event Logs subscription on Server1 to collect events from Server2 and Server3. You discover that you cannot create a subscription on Server1 from another computer.
You need to configure a subscription on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Run the wecutil cs subscription.xml command on Server1.
Run the wevtutil im subscription.xml command on Server1.
Create an event collector subscription configuration file. Name the file subscription.xml.
Create a custom view on Server1 by using Event Viewer. Export the custom view to a file named subscription.xml.
Answer: A,C Explanation:
Question No: 283 – (Topic 3)
Your network contains a server named Server1 that runs Windows Server 2008 R2. The network contains 100 UNIX-based client computers that do not have Samba installed.
You have a shared printer on Server1.
You need to ensure that the UNIX-based client computers can send print jobs to the shared printer.
What should you enable on Server1?
Subsystem for UNIX-based Applications (SUA)
Services for Network File System (NFS)
the LPRPort Monitor
the LPD service
Answer: D Explanation:
Line Printer Daemon (LPD) – A service on a print server that receives print jobs from Line Printer Remote (LPR) tools that are running on client computers. http://technet.microsoft.com/en-us/library/cc783789(v=ws.10).aspx
Question No: 284 – (Topic 3)
Your company has a main office and 15 branch offices. The company has a single Active Directory domain. All servers run Windows Server 2008 R2.
You need to ensure that the VPN connections between the main office and the branch offices meet the following requirements:
->All data must be encrypted by using end-to-end encryption.
->The VPN connection must use computer-level authentication.
->User names and passwords cannot be used for authentication.
What should you do?
Configure an IPsec connection to use tunnel mode and preshared key authentication.
Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.
Configure a L2TP/IPsec connection to use the EAP-TLS authentication.
Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.
Answer: C Explanation:
EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is well supported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its Achilles#39; heel.
EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP- TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards. This is because there is no way to steal a certificate#39;s corresponding private key from a smart card without stealing the card itself. It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed. Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo. There are client and server implementations of EAP-TLS in 3Com, Apple, Avaya, Brocade Communications, Cisco, Enterasys Networks, Foundry, HP, Juniper, and Microsoft, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, and Windows CE 4.2
Question No: 285 – (Topic 3)
Your company has a domain with multiple sites. You have a domain-based DFS namespace called \\contoso.com\Management.
The \\contoso.com\Management namespace hierarchy is updated frequently.
You need to configure the \\contoso.com\Management namespace to reduce the workload of the PDC emulator.
What should you do?
Enable the Optimize for scalability option.
Enable the Optimize for consistency option.
Set the Ordering method option to Lowest cost.
Set the Ordering method option to Random order.
Question No: 286 – (Topic 3)
Your network contains a server named Server1 that runs a Server Core installation of Windows Server 2008 R2. Server1 is configured as a DNS server.
You need to ensure that Server1 only resolves name queries from IPv6 clients. What should you do?
Run netsh.exe and specify the dnsclient parameter.
Run dnscmd.exe and specify the /config parameter.
Run dnscmd.exe and specify the /resetlistenaddresses parameter.
Run netsh.exe and specify the interface parameter.
To configure your DNS server to listen over IPv6, do the following:
-Install Windows Support Tools.
For more information, see Install Windows Support Tools
-Open Command Prompt.
-Type the following command: dnscmd /config /EnableIPv6 1
-Restart the DNS Server service.
Question No: 287 – (Topic 3)
Your company has a network that has 100 servers. A server named Server1 is configured as a file server.
Server1 is connected to a SAN and has 15 logical drives.
You want to automatically run a data archiving script if the free space on any of the logical drives is below 30 percent. You need to automate the script execution.
You create a new Data Collector Set. What should you do next?
Add the Event trace data collector.
Add the Performance counter alert.
Add the Performance counter data collector.
Add the System configuration information data collector.
Answer: B Explanation:
You can create a custom Data Collector Set containing performance counters and configure alert activities based on the performance counters exceeding or dropping below limits you define.
After creating the Data Collector Set, you must configure the actions the system will take when the alert criteria are met.
Question No: 288 – (Topic 3)
Your company has a main office and a branch office. The main office has a domain controller named DC1 that hosts a DNS primary zone. The branch office has a DNS server named SRV1 that hosts a DNS secondary zone. All client computers are configured to use their local server for DNS resolution.
You change the IP address of an existing server named SRV2 in the main office. You need to ensure that
SRV1 reflects the change immediately. What should you do?
Restart the DNS Server service on DC1.
Run the dnscmd command by using the /zonerefresh option on DC1.
Run the dnscmd command by using the /zonerefresh option on SRV1.
Set the refresh interval to 10 minutes on the Start of Authority (SOA) record.
Answer: C Explanation:
dnscmd ServerName /zonerefresh ZoneName – Forces a secondary DNS zone to update from the master.
Parameters ServerName: Specifies the DNS server the administrator plans to manage, represented by IP address, FQDN, or Host name. If omitted, the local server is used.
ZoneName: Specifies the name of the zone to be refreshed. Remarks:
The zonerefresh operation forces a check of the version number in the master#39;s SOA record. If the version number on the master is higher than the secondary#39;s version number, then a zone transfer is initiated, updating the secondary server. If the version number is the same, no zone transfer occurs.
*The forced check occurs by default every 15 minutes. To change the default, use the dnscmd config
Question No: 289 – (Topic 3)
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are configured as DNS servers.
On Server1, you create a primary DNS zone named contoso.com.
You configure Server2 to host a secondary copy of contoso.com. On Server2, you open DNS Manager as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the contoso.com zone is available on Server2. What should you do?
From Server2, modify the root hints.
From Server1, modify the zone transfer settings of the primary zone.
From Server1, add Server2 as a name server for the zone.
From Server2, modify the zone transfer settings of the secondary zone.
Question No: 290 – (Topic 3)
You perform a security audit of a server named CRM1. You want to build a list of all DNS
requests that are initiated by the server.
You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB.
You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data.
What should you do?
Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
Answer: D Explanation:
Below is a sample i created :
C:\Users\Administrator\Documents\Network Monitor 3\Capturesgt;nmcap.exe /inputcapture data.cap /capture DNS /file dnsdata.cap
Network Monitor Command Line Capture (nmcap) 3.4.2350.0 Loading Parsers … [INFO] sparser.npb:001.000 Successfully unserialized NPL parser #39;C:\ProgramData\ Microsoft\Network Monitor 3\NPL\NetworkMonitor Parsers\Profiles\64BAA24A-0AAD-44 e6-9846-3BE43D698FF6\sparser.npb. (0x83008006)
Saving info to: C:\Users\Administrator\Documents\Network Monitor 3\Captures\dnsdata. cap – using circular buffer of size 20.00 MB.
ATTENTION: Conversations Enabled: consumes more memory (see Help for details) Note: Process Filtering Enabled.
Exit by Ctrl C
Processing | Received: 4045 Saved: 23 | Time: 0 seconds. Closing generated capture files …
Completed | Received: 4045 Saved: 23 | Time: 0 seconds. C:\Users\Administrator\Documents\Network Monitor 3\Capturesgt;\ #39;\#39; is not recognized as an internal or external command, operable program or batch file.
100% Free Download!
–Download Free Demo:70-642 Demo PDF
100% Pass Guaranteed!
–Download 2018 EnsurePass 70-642 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|