TS: Windows Server 2008 Network Infrastructure, Configuring

QUESTION NO: 1

Your network contains 100 servers that run Windows Server 2008 R2.

A server named Server1 is deployed on the network. Server1 will be used to collect events from the Security event logs of the other servers on the network.

You need to define the Custom Event Delivery Optimization settings on Server1.

Which tool should you use?

A. Event Viewer

B. Task Scheduler

C. Wecutil

D. Wevtutil

Answer: C

QUESTION NO: 2

Your network contains a server that runs Windows Server 2008 R2. You plan to create a custom script.

You need to ensure that each time the script runs, an entry is added to the Application event log.

Which tool should you use?

A. Eventcreate

B. Eventvwr

C. Wecutil

D. Wevtutil

Answer: A

Explanation:

You can create custom events in an event log by using the Eventcreate utility. This can be useful as a diagnostic tool in scripts when you record an error or event directly into the logs without using VBScript or another language to log the event.

http://support.microsoft.com/kb/324145

QUESTION NO: 3

Your network contains a server that has the SNMP Service installed.

You need to configure the SNMP security settings on the server.

Which tool should you use?

A. Local Security Policy

B. Scw

C. Secedit

D. Services console

Answer: D

QUESTION NO: 4

Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the SNMP Service installed.

You perform an SNMP query against Server1 and discover that the query returns the incorrect identification information.

You need to change the identification information returned by Server1.

What should you do?

A. From the properties of the SNMP Service, modify the Agent settings.

B. From the properties of the SNMP Service, modify the General settings.

C. From the properties of the SNMP Trap Service, modify the Logon settings.

D. From the properties of the SNMP Trap Service, modify the General settings.

Answer: A

Explanation:

QUESTION NO: 5

You need to capture the HTTP traffic to and from a server every day between 09:00 and 10:00.

What should you do?

A. Create a scheduled task that runs the Netsh tool.

B. Create a scheduled task that runs the Nmcap tool.

C. From Network Monitor, configure the General options.

D. From Network Monitor, configure the Capture options.

Answer: B

Explanation:

Explanation:

nmcap /networks * /capture LDAP /file c:\file.cap

If you want a timer add the following

/startwhen /timeafter x hours

QUESTION NO: 6

Your network contains a single Active Directory domain. All servers run Windows Server 2008 R2. A DHCP server is deployed on the network and configured to provide IPv6 prefixes. You need to ensure that when you monitor network traffic, you see the interface identifiers derived from the Extended Unique Identifier (EUI)-64 address.

Which command should you run?

A. netsh.exe interface ipv6 set global addressmaskreply=disabled

B. netsh.exe interface ipv6 set global dhcpmediasense=enabled

C. netsh.exe interface ipv6 set global randomizeidentifiers=disabled

D. netsh.exe interface ipv6 set privacy state=enabled

Answer: C

Explanation:

Starting Windows Vista, Windows Server 2008 and Windows 7, to prevent address scans of IPv6 addresses based on the known company IDs of network adapter manufacturers, Windows by default generate random interface IDs for non-temporary autoconfigured IPv6 addresses, including public and link-local addresses. A public IPv6 address is a global address that is registered in DNS and is typically used by server applications for incoming connections, such as a Web server.

However, this can cause issues with some connection instances in which case you may need to disable this option.

To prevent Windows from using Random Identifiers,

1. Click Start – search “cmd“, right-click and choose “Run as Administrator“. This should launch the command window withe elevated privileges.

2. Run the following command:

C:\windows\system32> netsh interface ipv6 set global randomizeidentifiers=disabled

At anytime later, you can enable this (if requierd) as follows:

C:\windows\system32> netsh interface ipv6 set global randomizeidentifiers=enabled

http://www.windowsreference.com/networking/disable-ipv6-random-identifier-in-windows-7-server-2008-vista/

QUESTION NO: 7

Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Routing and Remote Access service (RRAS) role service installed.

You need to view all inbound VPN packets. The solution must minimize the amount of data collected.

What should you do?

A. From RRAS, create an inbound packet filter.

B. From Network Monitor, create a capture filter.

C. From the Registry Editor, configure file tracing for RRAS.

D. At the command prompt, run netsh.exe ras set tracing rasauth enabled.

Answer: B

QUESTION NO: 8

Your company is designing its public network. The network will use an IPv4 range of 131.107.40.0/22. The network must be configured as shown in the following exhibit.

You need to configure subnets for each segment.

Which network addresses should you assign?

A. Segment A: 131.107.40.0/23

Segment B: 131.107.42.0/24

Segment C: 131.107.43.0/25

Segment D: 131.107.43.128/27

B. Segment A: 131.107.40.0/25

Segment B: 131.107.40.128/26

Segment C: 131.107.43.192/27

Segment D: 131.107.43.224/30

C. Segment A: 131.107.40.0/23

Segment B: 131.107.41.0/24

Segment C: 131.107.41.128/25

Segment D: 131.107.43.0/27

D. Segment A: 131.107.40.128/23

Segment B: 131.107.43.0/24

Segment C: 131.107.44.0/25

Segment D: 131.107.44.128/27

Answer: A

Explanation:

1: The corresponding CIDR notation prefix lenth is /22.

2: The next myltiple of 8 that is greater than 22 is 24. Octet 3 is interesting.

3: 24-22 = 2, so the incremental is 2^2 =4.

4: The increments in the third octer are 0,4,8,12,16,20,24,28,32,36,40,44,46, and so on.

QUESTION NO: 9

Your company has an IPv6 network that has 25 segments. You deploy a server on the IPv6 network.

You need to ensure that the server can communicate with all segments on the IPv6 network.

What should you do?

A. Configure the IPv6 address as fd00::2b0:d0ff:fee9:4143/8.

B. Configure the IPv6 address as fe80::2b0:d0ff:fee9:4143/64.

C. Configure the IPv6 address as ff80::2b0:d0ff:fee9:4143/64.

D. Configure the IPv6 address as 0000::2b0:d0ff:fee9:4143/64.

Answer: A

QUESTION NO: 10

Your company is designing its network. The network will use an IPv6 prefix of 2001:DB8:BBCC:0000::/53. You need to identify an IPv6 addressing scheme that will support 2000 subnets.

Which network mask should you use?

A. /61

B. /62

C. /63

D. /64

Answer: D

QUESTION NO: 11

Your company uses DHCP to lease IPv4 addresses to computers at the main office. A WAN link connects the main office to a branch office. All computers in the branch office are configured with static IP addresses. The branch office does not use DHCP and uses a different subnet.

You need to ensure that the portable computers can connect to network resources at the main office and the branch office.

How should you configure each portable computer?

A. Use a static IPv4 address in the range used at the branch office.

B. Use an alternate configuration that contains a static IP address in the range used at the main office.

C. Use the address that was assigned by the DHCP server as a static IP address.

D. Use an alternate configuration that contains a static IP address in the range used at the branch office.

Answer: D

QUESTION NO: 12

Your company has computers in multiple locations that use IPv4 and IPv6. Each location is protected by a firewall that performs symmetric NAT.

You need to allow peer-to-peer communication between all locations.

What should you do?

A. Configure dynamic NAT on the firewall.

B. Configure the firewall to allow the use of Teredo.

C. Configure a link local IPv6 address for the internal interface of the firewall.

D. Configure a global IPv6 address for the external interface of the firewall.

Answer: B

Explanation:

In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for Ipv6-capable hosts which are on the IPv4 Internet but which have no direct native connection to an IPv6 network. Compared to other similar protocols its distinguishing feature is that it is able to perform its function even from behind network address translation (NAT) devices such as home routers.

http://technet.microsoft.com/en-us/library/ee126159(v=ws.10).aspx

QUESTION NO: 13

You have a Windows Server 2008 R2 computer that has an IP address of 172.16.45.9/21. The server is configured to use IPv6 addressing. You need to test IPv6 communication to a server that has an IP address of 172.16.40.18/21.

What should you do from a command prompt?

A. Type ping 172.16.45.9:::::.

B. Type ping::9.45.16.172.

C. Type ping followed by the Link-local address of the server.

D. Type ping followed by the Site-local address of the server.

Answer: C

QUESTION NO: 14

Your network contains a DHCP server named DHCP1 that runs Windows Server 2008 R2. All client computers on the network obtain their network configurations from DHCP1.

You have a client computer named Client1 that runs Windows 7 Enterprise. You need to configure Client1 to use a different DNS server than the other client computers on the network.

What should you do?

A. Configure the scope options.

B. Create a reservation.

C. Create a DHCP filter.

D. Define a user class.

Answer: D

Explanation:

http://support.microsoft.com/kb/240247/en-us?fr=1

QUESTION NO: 15

Your network contains a domain controller named DC1 and a member server named Server1.

You save a copy of the Active Directory Web Services (ADWS) event log on DC1. You copy the log to Server1.

You open the event log file on Server1 and discover that the event description information is unavailable.

You need to ensure that the event log file displays the same information when the file is open on Server1 and on DC1.

What should you do on Server1?

A. Import a custom view.

B. Copy the SYSVOL folder from DC1.

C. Copy the LocaleMetaData folder from DC1.

D. Create a custom view.

Answer: C

Explanation:

The LocaleMetaData contains the description/display information that is missing, and when you "save all events as" you should chose to save and "display information".

http://technet.microsoft.com/en-us/library/cc749339.aspx

QUESTION NO: 16

You have a DHCP server that runs Windows Server 2008 R2. You need to reduce the size of the DHCP database.

What should you do?

A. From the DHCP snap-in, reconcile the database.

B. From the folder that contains the DHCP database, run jetpack.exe dhcp.mdb temp.mdb.

C. From the properties of the dhcp.mdb file, enable the File is ready for archiving attribute.

D. From the properties of the dhcp.mdb file, enable the Compress contents to save disk space attribute.

Answer: B

Explanation:

To compact the DHCP database:

CD %SYSTEMROOT%\SYSTEM32\DHCP

NET STOP DHCPSERVER

JETPACK DHCP.MDB TMP.MDB

NET START DHCPSERVER

In the examples above, Tmp.mdb is a temporary database that is used by Jetpack.exe. Wins.mdb is the WINS database. Dhcp.mdb is the DHCP database.

Jetpack.exe compacts the WINS or DHCP database by doing the following:

-Copies database information to a temporary database file called Tmp.mdb.

-Deletes the original database file, Wins.mdb or Dhcp.mdb.

-Renames the temporary database files to the original filename.

http://technet.microsoft.com/en-us/library/hh875589(v=ws.10).aspx://support.microsoft.com/kb/145881/en-us

QUESTION NO: 17

You have a DHCP server that runs Windows Server 2008 R2. The DHCP server has two network connections named LAN1 and LAN2.

You need to prevent the DHCP server from responding to DHCP client requests on LAN2. The server must continue to respond to non-DHCP client requests on LAN2.

What should you do?

A. From the DHCP snap-in, modify the bindings to associate only LAN1 with the DHCP service.

B. From the DHCP snap-in, create a new multicast scope.

C. From the properties of the LAN1 network connection, set the metric value to 1.

D. From the properties of the LAN2 network connection, set the metric value to 1.

Answer: A

Explanation:

Correct answer(s): A

By default, the service bindings depend on whether the network connection is configured dynamically or statically for TCP/IP. Based on the method of configuration it uses, reflected by its current settings in Internet Protocol (TCP/IP) properties, the DHCP Server service performs default service bindings as follows:

If the first network connection uses a manually specified IP address, the connection is enabled in server bindings. For this to occur, a value for IP address must be configured and the Use the following IP address option selected in Internet Protocol (TCP/IP) properties. In this mode, the DHCP server listens for and provides service to DHCP clients.

If the first network connection uses an IP address configured dynamically, the connection is disabled in server bindings. This occurs when the Obtain an IP address automatically option is selected in Internet Protocol (TCP/ IP) properties. For computers running Windows Server 2008 R2 operating systems, this is the default setting.

In this mode, the DHCP server does not listen for and provide service to DHCP clients until a static IP address is configured.

The DHCP server will bind to the first static IP address configured on each adapter.

Note

By design, DHCP server bindings are enabled and disabled on a per-connection, not per-address basis. All bindings are based on the first configured IP address for each connection appearing in the Network Connections folder. If additional static IP addresses (for example, as set in Advanced TCP/IP properties) are configured for the applicable connection, these addresses are never used by DHCP servers running Windows Server 2008 R2 and are inconsequential for server bindings.

DHCP servers running Windows Server 2008 R2 never bind to any of the NDISWAN or DHCP-enabled interfaces used on the server. These interfaces are not displayed in the DHCP console under the current server bindings list because they are never used for DHCP service. Only additional network connections that have a primary static IP address configured can appear in the server bindings list (or be selectively enabled or disabled there).

http://technet.microsoft.com/en-us/library/ee941100(v=ws.10).aspx

QUESTION NO: 18

Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is configured as a DNS server.

You need to ensure that Server1 only resolves queries issued from client computers in the same subnet as Server1.

The solution must ensure that Server1 can resolve Internet host names.

What should you do on Server1?

A. Configure Windows Firewall.

B. Create a conditional forwarder.

C. Modify the routing table.

D. Create a trust anchor.

Answer: A

QUESTION NO: 19

Your network uses IPv4.

You install a server that runs Windows Server 2008 R2 at a branch office. The server is configured with two network interfaces.

You need to configure routing on the server at the branch office.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Install the Routing and Remote Access Services role service.

B. Run the netsh ras ip set access ALL command.

C. Run the netsh interface ipv4 enable command.

D. Enable the IPv4 Router Routing and Remote Access option.

Answer: A, D

QUESTION NO: 20

Your company has an IPv4 Ethernet network.

A router named R1 connects your segment to the Internet. A router named R2 joins your subnet with a segment named Private1. The Private1 segment has a network address of 10.128.4.0/26. Your computer named WKS1 requires access to servers on the Private1 network. The WKS1 computer configuration is as shown in the following table.

WKS1 is unable to connect to the Private1 network by using the current configuration. You need to add a persistent route for the Private1 network to the routing table on WKS1.

Which command should you run on WKS1?

A. Route add -p 10.128.4.0/22 10.128.4.1

B. Route add -p 10.128.4.0/26 10.128.64.10

C. Route add -p 10.128.4.0 mask 255.255.255.192 10.128.64.10

D. Route add -p 10.128.64.10 mask 255.255.255.192 10.128.4.0

Answer: C

Explanation:

For example, to add a static route to the 10.0.0.0 network that uses a subnet mask of 255.0.0.0, a gateway of 192.168.0.1, you type the following at a command prompt:

route add 10.0.0.0 mask 255.0.0.0 192.168.0.1

http://technet.microsoft.com/en-us/library/cc757323.aspx

QUESTION NO: 21

You need to create a sender policy framework (SPF) record for the e-mail servers on your network.

Which type of resource record should you create?

A. Alias (CNAME)

B. Host Information (HINFO)

C. Signature (SIG)

D. Text (TXT)

Answer: D

Explanation:

Authenticating Outbound E-Mail:

Domain holders need to complete an inventory and publish all IP addresses of their outbound e- mail servers in the DNS zone file. This is an administrative step that requires no changes to an organization's e-mail or DNS software. Even if your domain has no outbound e-mail servers, you can help protect your domain from spoofing by publishing an SPF record in the DNS that states this. Follow the steps below to create and publish an SPF record for each domain name that your organization owns.

1. Determine the IP addresses of the outbound e-mail servers for the domain.

2. Identify the e-mail servers that transmit outbound e-mail for all of the domains and subdomains in your organization, as well as the IP addresses for these servers. You will need to publish a Sender ID record for each of them. If your organization uses any third parties to send e- mail on its behalf, such as an e-mail service provider or a hoster, you will also need to know their domain names. However, you do not need to know the IP addresses of their outbound e-mail servers. (You may want to encourage them to publish Sender ID records for their own domains.)

3. Create the SPF record. You can use the Sender ID Wizard described in this document to make it easier.

(See www.microsoft.com/senderid/wizard.) Note You must create a separate SPF record for each domain and subdomain that sends e-mail for you. It is possible for several domains to share the same Sender ID record.

4. After you have created the SPF records for your organization, publish them in DNS TXT records. You may need the assistance of your DNS administrator, Web hoster, or registrar.

5. Ensure that your domain can be correctly identified as the purported responsible domain (PRD) for each message you send. This means that the sender's domain must be shown in certain headers of the e-mail message. Sender ID has been carefully designed to ensure that most legitimate e-mailers, remailers, and mailing list operators already satisfy this requirement. In a few cases, such as mail forwarding services, you may need to add additional headers to e-mail messages.

QUESTION NO: 22

Your network contains an Active Directory forest named fabrikam.com. The forest contains a DNS server named Server1. You need to configure Server1 to resolve single-label names.

What should you do?

A. Create a DNS zone named GlobalNames. Run dnscmd.exe and specify the Config parameter.

B. Create a DNS zone named GlobalNames. Run dnscmd.exe and specify the CreateDirectoryPartition parameter.

C. Create a DNS zone named RootNames. Run dnscmd.exe and specify the CreateDirectoryPartition parameter.

D. Create a DNS zone named RootNames. Run dnscmd.exe and specify the Config parameter.

Answer: A

Explanation:

Deploying a GlobalNames zone

The specific steps for deploying a GlobalNames zone can vary somewhat, depending on the AD DS topology of your network.

Step 1: Create the GlobalNames zone

The first step in deploying a GlobalNames zone is to create the zone on a DNS server that is a domain controller running Windows Server 2008. The GlobalNames zone is not a special zone type; rather, it is simply an AD DS-integrated forward lookup zone that is called GlobalNames. For information about creating a primary forward lookup zone, see Add a Forward Lookup Zone.

Step 2: Enable GlobalNames zone support

The GlobalNames zone is not available to provide name resolution until GlobalNames zone support is explicitly enabled by using the following command on every authoritative DNS server in the forest:

dnscmd <ServerName> /config /enableglobalnamessupport 1 where ServerName is the DNS name or IP address of the DNS server that hosts the GlobalNames zone. To specify the local computer, replace ServerName with a period (.), for example, dnscmd . /config /enableglobalnamessupport1.

Step 3: Replicate the GlobalNames zone

To make the GlobalNames zone available to all DNS servers and clients in a forest, replicate the zone to all domain controllers in the forest, that is, add the GlobalNames zone to the forest-wide DNS application partition.

For more information, see Change the Zone Replication Scope.

If you want to limit the servers that will be authoritative for the GlobalNames zone, you can create a custom DNS application partition for replicating the GlobalNames zone. For more information, see Understanding DNS Zone Replication in Active Directory Domain Services.

Step 4: Populate the GlobalNames zone

For each server that you want to be able to provide single-label name resolution for, add an alias (CNAME) resource record to the GlobalNames zone. For more information, see Add an Alias (CNAME) Resource Record to a Zone.

Step 5: Publish the location of the GlobalNames zone in other forests

If you want DNS clients in other forests to use the GlobalNames zone for resolving names, add service location (SRV) resource records to the forest-wide DNS application partition, using the service name _globalnames. _msdcs and specifying the FQDN of the DNS server that hosts the GlobalNames zone. For more information, see Add a Resource Record to a Zone and Service Location (SRV) Resource Record Dialog Box. In addition, you must run the dnscmdServerName/config /enableglobalnamessupport 1 command on every authoritative DNS server in the forests that do not host the GlobalNames zone.

http://technet.microsoft.com/en-us/library/cc731744.aspx

QUESTION NO: 23

Your company uses Active Directory-integrated DNS. Users require access to the Internet. You run a network capture.

You notice the DNS server is sending DNS name resolution queries to a server named f.root- servers.net.

You need to prevent the DNS server from sending queries to f.root-servers.net. The server must be able to resolve names for Internet hosts.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Enable forwarding to your ISP's DNS servers.

B. Disable the root hints on the DNS server.

C. Disable the netmask ordering option on the DNS server.

D. Configure Reverse Lookup Zones for the IP subnets on the network.

Answer: A, B

QUESTION NO: 24

Your company has a single Active Directory forest that has six domains. All DNS servers in the forest run Windows Server 2008 R2.

You need to ensure that all public DNS queries are channeled through a single-caching-only DNS server.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Disable the root hints.

B. Enable BIND secondaries.

C. Configure a forwarder to the caching DNS server.

D. Configure a GlobalNames host (A) record for the hostname of the caching DNS server.

Answer: A, C

QUESTION NO: 25

Contoso Ltd. has a single Active Directory forest that has five domains. Each domain has two DNS servers.

Each DNS server hosts Active Directory-integrated zones for all five domains. All domain controllers run Windows Server 2008 R2.

Contoso acquires a company named Tailspin Toys. Tailspin Toys has a single Active Directory forest that contains a single domain.

You need to configure the DNS system in the Contoso forest to provide name resolution for resources in both forests.

What should you do?

A. Configure client computers in the Contoso forest to use the Tailspin Toys DNS server as the alternate DNS server.

B. Create a new conditional forwarder and store it in Active Directory. Replicate the new conditional forwarder to all DNS servers in the Contoso forest.

C. Create a new application directory partition in the Contoso forest. Enlist the directory partition for all DNS servers.

D. Create a new host (A) record in the GlobalNames folder on one of the DNS servers in the Contoso forest. Configure the host (A) record by using the Tailspin Toys domain name and the IP address of the DNS server in the Tailspin Toys forest.

Answer: B

Explanation:

http://msmvps.com/blogs/ulfbsimonweidner/archive/2006/09/30/DNS-Conditional-Forwarders-_2D00_-ADintegrated.aspx

QUESTION NO: 26

Your company has a single Active Directory forest that has an Active Directory domain named na.contoso.com.

A server named Server1 runs the DNS Server server role. You notice stale resource records in the na.contoso.com zone. You have enabled DNS scavenging on Server1. Three weeks later, you notice that the stale resource records remain in na.contoso.com.

You need to ensure that the stale resource records are removed from na.contoso.com.

What should you do?

A. Stop and restart the DNS Server service on Server1.

B. Enable DNS scavenging on the na.contoso.com zone.

C. Run the dnscmd Server1 /AgeAllRecords command on Server1.

D. Run the dnscmd Server1 /StartScavenging command on Server1.

Answer: B

QUESTION NO: 27

Your network contains an Active Directory domain named contoso.com.

From DNS Manager, you open the properties of contoso.com as shown in the exhibit. (Click the Exhibit button)

You need to ensure that you can modify the start of authority (SOA) record for contoso.com.

What should you do?

A. Modify the zone transfer settings.

B. Log on as a member of the DnsAdmins group.

C. Log on as a member of the Domain Admins group.

D. Connect to the DNS server that contains the primary zone.

Answer: D

QUESTION NO: 28

Your company has a main office and a branch office. The company network has two WINS servers. You have an application that requires NetBIOS name resolution. The WINS servers are configured as shown in the following table.

You discover that the WINS addresses on all client computers in both offices are configured in the following order of use:

  • 10.1.0.23

  • 10.6.0.254

You reconfigure the WINS addresses on all client computers in the branch office in the following order of use:

  • 10.6.0.254

  • 10.1.0.23

After the reconfiguration, users in the branch office are unable to connect to the servers that are located in the main office.

You need to restore name resolution in the branch office.

What should you do?

A. Configure the burst handling option on DC2.

B. Configure DC1 and DC2 as WINS push/pull replication partners.

C. In the WINS server properties on DC1, increase the Renew interval setting to 1 day.

D. In the WINS server properties on DC2, increase the Renew interval setting to 1 day.

Answer: B

QUESTION NO: 29

Your company has a server named Server1 that runs a Server Core installation of Windows Server 2008 R2, and the DNS Server server role. Server1 has one network interface named Local Area Connection. The static IP address of the network interface is configured as 10.0.0.1.

You need to create a DNS zone named local.contoso.com on Server1.

Which command should you use?

A. ipconfig /registerdns:local.contoso.com

B. dnscmd Server1 /ZoneAdd local.contoso.com /DSPrimary

C. dnscmd Server1 /ZoneAdd local.contoso.com /Primary /file local.contoso.com.dns

D. netsh interface ipv4 set dnsserver name="local.contoso.com" static 10.0.0.1 primary

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc756116(v=ws.10).aspx#BKMK_22

QUESTION NO: 30

Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the

Network_Policy Server (NPS) role installed.

You need to ensure that the NPS log files on Server1 contain information of client connections.

What should you do?

A. Enable the Accounting requests settings.

B. Enable the Authentication requests settings.

C. Configure the IAS (Legacy) log file format.

D. Configure the DTS Compilant log file format.

Answer: D

Explanation:

The DTS Compliant log format is the newest one and only its XML have attributes fot session duration such as Acct-Session-Time = "The length of time (in seconds) for which the session has been active.

QUESTION NO: 31

Your company has an Active Directory forest. All domain controllers run the DNS Server server role.

The company plans to decommission the WINS service.

You need to enable forest-wide single name resolution.

What should you do?

A. Enable WINS-R lookup in DNS

B. Create Service Location (SRV) records for the single name resources

C. Create an Active Directory-integrated zone named LegacyWINS. Create host (A) records for the single name resources

D. Create an Active Directory-integrated zone named GlobalNames. Create an alias host (CNAME) records for the single name resources

Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/cc731744.aspx

QUESTION NO: 32

You manage a domain controller that runs Windows Server 2008 R2 and the DNS Server server role. The DNS server hosts an Active Directory-integrated zone for your domain. You need to provide a user with the ability to manage records in the zone.

The user must not be able to modify the DNS server settings.

What should you do?

A. Add the user to the DNSUpdateProxy Global security group.

B. Add the user to the DNSAdmins Domain Local security group.

C. Grant the user permissions on the zone.

D. Grant the user permissions on the DNS server.

Answer: C

QUESTION NO: 33

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. All client computers run Windows 7.

You create a new zone named secure.contoso.com and configure the zone to use DNSSEC.

You need to ensure that all client computers verify whether the name and address information of secure.contoso.com is validated by the DNS servers.

What should you configure from Group Policy?

A. an IPSec Security policy

B. the DNS Client settings

C. the Public Key policies

D. a Name Resolution Policy rule

Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/ee649182(WS.10).aspx

QUESTION NO: 34

Your company has a main office and two branch offices that are connected by WAN links. The main office runs the DNS Server service on three domain controllers. The zone for your domain is configured as an Active Directory-integrated zone.

Each branch office has a single member server that hosts a secondary zone for the domain. The DNS servers in the branch offices use the main office DNS server as the DNS Master server for the zone.

You need to minimize DNS zone transfer traffic over the WAN links.

What should you do?

A. Decrease the Retry Interval setting in the Start of Authority (SOA) record for the zone.

B. Decrease the Refresh Interval setting in the Start of Authority (SOA) record for the zone.

C. Increase the Refresh Interval setting in the Start of Authority (SOA) record for the zone.

D. Disable the netmask ordering option in the properties of the DNS Master server for the zone.

Answer: C

QUESTION NO: 35

Your network contains an Active Directory domain. The domain contains an enterprise certification authority (CA) named Server1 and a server named Server2.

On Server2, you deploy Network Policy Server (NPS) and you configure a Network Access Protection (NAP) enforcement policy for IPSec.

From the Health Registration Authority snap-in on Server2, you set the lifetime of health certificates to four hours.

You discover that the validity period of the health certificates issued to client computers is one year.

You need to ensure that the health certificates are only valid for four hours.

What should you do?

A. Modify the Request Handling settings of the certificate template used for the health certificates.

B. Modify the Issuance Requirements settings of the certificate template used for the health certificates.

C. On Server1, run certutil.exe -setreg policy\editflags +editf_attributeenddate.

D. On Server1, run certutil.exe Csetregdbflags +dbflags_enablevolatilerequests.

Answer: C

Explanation:

Configure template validity period override

Use the following procedure to allow the CA to issue the new health certificate template. This procedure applies to an enterprise NAP CA only.

To allow template validity period override

On the NAP CA, click Start, click Run, right-click Command Prompt, and then click Run as administrator.

In the command window, type Certutil.exe -setreg policy\EditFlags +EDITF_ATTRIBUTEENDDATE, and then press ENTER.

In the command window, type net stop certsvc && net start certsvc, and then press ENTER.

Verify that Active Directory Certificate Services (AD CS) stops and starts successfully.

http://technet.microsoft.com/en-us/library/dd296906(v=ws.10).aspx

Reference URL : http://technet.microsoft.com/en-us/library/dd296906(v=ws.10).aspx

QUESTION NO: 36

Your company has a single Active Directory domain. All servers run Windows Server 2008 R2. You install an additional DNS server that runs Windows Server 2008 R2.

You need to delete the pointer record for the IP address 10.3.2.127.

What should you do?

A. Use DNS manager to delete the 127.in-addr.arpa zone.

B. Run the dnscmd /RecordDelete 10.3.2.127 command at the command prompt.

C. Run the dnscmd /ZoneDelete 127.in-addr.arpa command at the command prompt.

D. Run the dnscmd /RecordDelete 10.in-addr.arpa. 127.2.3 PTR command at the command prompt.

Answer: D

Explanation:

http://support.microsoft.com/kb/842127/en-us

QUESTION NO: 37

Your company has a server that runs Windows Server 2008 R2. You have a new application that locates remote resources by name. The new application requires IPv6.

You need to ensure that the application can locate remote resources by using IPv6.

What should you do?

A. Create a new Pointer (PTR) DNS record.

B. Create a new Quad-A (AAAA) DNS record.

C. Create a new Signature (SIG) DNS record.

D. Create a new Route Through (RT) DNS record.

Answer: B

QUESTION NO: 38

You are building a test environment to evaluate DNS Security Extensions (DNSSEC). You have a domain controller named Server1 that runs Windows Server 2008 R2 in your test environment.

Server1 has the DNS Server server role installed.

You need to configure Server1 to support the DNSSEC evaluation.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Create a new Quad-A (AAAA) DNS record.

B. Create a new Signature (SIG) DNS record.

C. Create a new Public key (KEY) DNS record.

D. Create a new Well-known service (WKS) DNS record.

Answer: B, C

QUESTION NO: 39

Your company has a domain controller that runs Windows Server 2008 R2 and the DNS role. The DNS domain is named contoso.com.

You need to ensure that inquiries about contoso.com are sent to dnsadmin@contoso.com .

What should you do?

A. Create a Signature (SIG) record for the domain controller.

B. Modify the Name Server (NS) record for the domain controller.

C. Modify the Service Location (SRV) record for the domain controller.

D. Modify the Start of Authority (SOA) record on the domain controller.

Answer: D

QUESTION NO: 40

Your company has a domain controller named Server1 that runs Windows Server 2008 R2 and the DNS server role. A server named Server2 runs Windows Server 2003 and Microsoft Exchange Server 2007.

The company wants to deploy a new Exchange server named Server3 to receive all inbound e- mail traffic. You need to configure DNS to direct incoming e-mail traffic to the Exchange servers. You also need to ensure that higher priority is given to Server3.

What should you do?

A. Set the priority value of the Server2 Mail Exchanger (MX) record to 20. Create a new Mail Exchanger (MX) record for Server3. Set the priority value to 5.

B. Set the priority value of the Server2 Mail Exchanger (MX) record to 5. Create a new Mail Exchanger (MX) record for Server3. Set the priority value to 20.

C. Create a new Service Location (SRV) record in the domain for Server3. Set the port number value to 25. Configure the priority setting to 20.

D. Create a new Service Location (SRV) record in the domain for Server3. Set the port number value to 110. Configure the priority setting to 5.

Answer: A

Site Search:

Close

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.