TS: Windows Server 2008 Network Infrastructure, Configuring
Question No: 31 – (Topic 1)
Your network contains two separate subnets named Subnet1 and Subnet2. Subnet1 contains a Windows
Server Update Services (WSUS) server named Server1.
Computers on Subnet1 can access resources on the Internet. Subnet2 is an isolated subnet.
You deploy a new WSUS server named Server2 in Subnet2. You need to replicate the metadata from Server1 to Server2.
What should you do on Server1?
Run wbadmin.exe and specify the start backup parameter.
Run wbadmin.exe and specify the start systemstatebackup parameter.
Run wsusutil.exe and specify the move content parameter.
Run wsusutil.exe and specify the export parameter.
Question No: 32 – (Topic 1)
Your company has an Active Directory domain named ad.contoso.com. All client computers run Windows 7.
The company has recently acquired a company that has an Active Directory domain named ad.fabrikam.com.
A two-way forest trust is established between the ad.fabrikam.com domain and the ad.contoso.com domain.
You need to edit the ad.contoso.com domain Group Policy object (GPO) to enable users in the ad.contoso.com domain to access resources in the ad.fabrikam.com domain.
What should you do?
Configure the DNS Suffix Search List option to ad.contoso.com, ad.fabrikam.com.
Configure the Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries option to True.
Configure the Primary DNS Suffix option to ad.contoso.com, ad.fabrikam.com. Configure the Primary DNS Suffix Devolution option to True.
Configure the Primary DNS Suffix option to ad.contoso.com, ad.fabrikam.com. Configure the Primary DNS Suffix Devolution option to False.
Question No: 33 – (Topic 1)
Your network contains the servers configured as shown in the following table.
Your company is assigned the public IP addresses from 184.108.40.206 to 220.127.116.11. You need to ensure that Web1 is accessible from the Internet by using https://18.104.22.168.
What should you do from the Routing and Remote Access console?
From the Static Routes node, configure a static route.
From the server properties, configure SSL Certificate Binding.
From the NAT interface, add an address pool and a reservation.
From the NAT interface, configure the Secure Web Server (HTTPS) service.
Question No: 34 – (Topic 1)
Your company has deployed Network Access Protection (NAP).
You configure secure wireless access to the network by using 802.1X authentication from any access point.
You need to ensure that all client computers that access the network are evaluated by NAP.
What should you do?
Configure all access points as RADIUS clients to the Remediation Servers.
Configure all access points as RADIUS clients to the Network Policy Server (NPS).
Create a Network Policy that defines Remote Access Server as a network connection method.
Create a Network Policy that specifies EAP-TLS as the only available authentication method.
Question No: 35 – (Topic 1)
Your company has a single Active Directory forest that has a domain in North America named na.contoso.com and a domain in South America named sa.contoso.com. The client computers run Windows 7.
You need to configure the client computers in the North America office to improve the name resolution response time for resources in the South America office.
What should you do?
Configure a new Group Policy object (GPO) that disables the Local-Link Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office.
Configure a new Group Policy object (GPO) that enables the Local-Link Multicast Name Resolution feature.
Apply the policy to all the client computers in the North America office.
Configure a new Group Policy object (GPO) that configures the DNS Suffix Search List option to sa.contoso.com, na.contoso.com. Apply the policy to all the client computers in the North America office.
Configure the priority value for the Service Location (SRV) records on each of the North America domain controllers to 5.
Question No: 36 – (Topic 1)
Your network contains two DHCP servers named Server1 and Server2. On Server1, you create a scope named Scope1.
You need to ensure that DHCP clients receive IP addresses from the address range in Scope1 if Server1 is unavailable. The solution must prevent both servers from assigning duplicate IP addresses.
What should you do from the DHCP console?
On Server1, create a superscope.
On Server1, select Scope1, and then run the Split-Scope wizard.
On Server2, create a scope, and then reconcile each scope.
On Server2, create a scope, and then enable Network Access Protection.
Question No: 37 – (Topic 1)
Your network contains an Active Directory domain. The domain contains DNS servers that
run Windows Server 2008 R2.
The network has two external links. One link connects to the Internet. The other link directly connects to the network of a partner company.
The partner companys network is not connected to the Internet. You need to ensure that users on your network can access resources on the partner companys network. The solution must ensure that the users on your network can continue to access resources on the Internet.
Which two actions should you perform on the DNS servers? (Each correct answer presents a complete solution. Choose two.)
Configure conditional forwarding.
Add a stub zone.
Modify the root hints.
Add a reverse lookup zone.
Add a trust anchor.
Question No: 38 – (Topic 1)
You need to create a sender policy framework (SPF) record for the e-mail servers on your network.
Which type of resource record should you create?
Host Information (HINFO)
Answer: D Explanation:
Authenticating Outbound E-Mail:
Domain holders need to complete an inventory and publish all IP addresses of their outbound e- mail servers in the DNS zone file. This is an administrative step that requires no changes to an organization#39;s e-mail or DNS software. Even if your domain has no outbound e-mail servers, you can help protect your domain from spoofing by publishing an SPF record in the DNS that states this. Follow the steps below to create and publish an SPF record for each domain name that your organization owns.
Determine the IP addresses of the outbound e-mail servers for the domain.
Identify the e-mail servers that transmit outbound e-mail for all of the domains and subdomains in your organization, as well as the IP addresses for these servers. You will need to publish a Sender ID record for each of them. If your organization uses any third parties to send e- mail on its behalf, such as an e-mail service provider or a hoster, you will also need to know their domain names. However, you do not need to know the IP addresses of their outbound e-mail servers. (You may want to encourage them to publish Sender ID records for their own domains.)
Create the SPF record. You can use the Sender ID Wizard described in this document to make it easier.
(See www.microsoft.com/senderid/wizard.) Note You must create a separate SPF record for each domain and subdomain that sends e-mail for you. It is possible for several domains to share the same Sender ID record.
After you have created the SPF records for your organization, publish them in DNS TXT records. You may need the assistance of your DNS administrator, Web hoster, or registrar.
Ensure that your domain can be correctly identified as the purported responsible domain (PRD) for each message you send. This means that the sender#39;s domain must be shown in certain headers of the e-mail message. Sender ID has been carefully designed to ensure that most legitimate e-mailers, remailers, and mailing list operators already satisfy this requirement. In a few cases, such as mail forwarding services, you may need to add additional headers to e-mail messages.
Question No: 39 – (Topic 1)
Your network contains an Active Directory forest named fabrikam.com. The forest contains a DNS server named Server1. You need to configure Server1 to resolve single-label names.
What should you do?
Create a DNS zone named GlobalNames. Run dnscmd.exe and specify the Config parameter.
Create a DNS zone named GlobalNames. Run dnscmd.exe and specify the CreateDirectoryPartition parameter.
Create a DNS zone named RootNames. Run dnscmd.exe and specify the CreateDirectoryPartition parameter.
Create a DNS zone named RootNames. Run dnscmd.exe and specify the Config parameter.
Answer: A Explanation:
Deploying a GlobalNames zone
The specific steps for deploying a GlobalNames zone can vary somewhat, depending on the AD DS topology of your network.
Step 1: Create the GlobalNames zone
The first step in deploying a GlobalNames zone is to create the zone on a DNS server that is a domain controller running Windows Server 2008. The GlobalNames zone is not a special zone type; rather, it is simply an AD DS-integrated forward lookup zone that is called GlobalNames. For information about creating a primary forward lookup zone, see Add a Forward Lookup Zone.
Step 2: Enable GlobalNames zone support
The GlobalNames zone is not available to provide name resolution until GlobalNames zone support is explicitly enabled by using the following command on every authoritative DNS server in the forest:
dnscmd lt;ServerNamegt; /config /enableglobalnamessupport 1 where ServerName is the DNS name or IP address of the DNS server that hosts the GlobalNames zone. To specify the local computer, replace ServerName with a period (.), for example, dnscmd . /config
Step 3: Replicate the GlobalNames zone
To make the GlobalNames zone available to all DNS servers and clients in a forest, replicate the zone to all domain controllers in the forest, that is, add the GlobalNames zone to the forest-wide DNS application partition.
For more information, see Change the Zone Replication Scope.
If you want to limit the servers that will be authoritative for the GlobalNames zone, you can create a custom DNS application partition for replicating the GlobalNames zone. For more information, see Understanding DNS Zone Replication in Active Directory Domain Services.
Step 4: Populate the GlobalNames zone
For each server that you want to be able to provide single-label name resolution for, add an alias (CNAME) resource record to the GlobalNames zone. For more information, see Add an Alias (CNAME) Resource Record to a Zone.
Step 5: Publish the location of the GlobalNames zone in other forests
If you want DNS clients in other forests to use the GlobalNames zone for resolving names, add service location (SRV) resource records to the forest-wide DNS application partition, using the service name _globalnames. _msdcs and specifying the FQDN of the DNS server that hosts the GlobalNames zone. For more information, see Add a Resource Record to a Zone and Service Location (SRV) Resource Record Dialog Box. In addition, you must run the dnscmdServerName/config /enableglobalnamessupport 1 command on
Question No: 40 – (Topic 1)
Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. The network contains an client named Computer1 that runs Windows7.
All communication between Server1 and Server2 is encrypted by using IPSec. Communication between the server and the client does not require IPSec encryption.
You need to ensure that you can connect to Server1 by using the IP Security Monitor on Computer1.
What should you do?
Apply an IP Security policy to Computer1.
Create a connection security rule on Computer1.
Add a value to the PolicyAgent registry key on Server1.
Modify the Advanced Audit Policy Configuration on Server1.
Answer: C Explanation:
-Valid for Windows 7 and Vista client-
On the computer (2008) you want to remotely manage or monitor, click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ PolicyAgent On the Edit menu, select
New, and then click DWORD Value.
Write EnableRemoteMgmt and then press ENTER.
Click the right mouse button on the entry EnableRemoteMgmt and then click Modify. In the Value data box, type 1, and then click OK.
Exit Registry Editor.
Start the RemoteRegistry. To do this, type net start RemoteRegistry at a command prompt, and then press ENTER.
Start the PolicyAgent. To do this, type net start policyagent at the command prompt, and
then press ENTER.
Make sure the user who will administer or supervise the team has administrator privileges on the computer. In the Advanced Security section of Windows Firewall, enable service management rules remotely.
100% Ensurepass Free Download!
–Download Free Demo:70-642 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-642 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|