TS: Windows Server 2008 Network Infrastructure, Configuring v58.0

Page:    1 / 27   
Exam contains 400 questions

Your network contains two separate subnets named Subnet1 and Subnet2. Subnet1 contains a Windows
Server Update Services (WSUS) server named Server1.
Computers on Subnet1 can access resources on the Internet. Subnet2 is an isolated subnet.
You deploy a new WSUS server named Server2 in Subnet2.
You need to replicate the metadata from Server1 to Server2.
What should you do on Server1?

  • A. Run wbadmin.exe and specify the start backup parameter.
  • B. Run wbadmin.exe and specify the start systemstatebackup parameter.
  • C. Run wsusutil.exe and specify the move content parameter.
  • D. Run wsusutil.exe and specify the export parameter.


Answer : D

Explanation:
http://technet.microsoft.com/en-us/library/cc720437%28WS.10%29.aspx

Your company has an Active Directory domain named ad.contoso.com. All client computers run Windows 7.
The company has recently acquired a company that has an Active Directory domain named ad.fabrikam.com.
A two-way forest trust is established between the ad.fabrikam.com domain and the ad.contoso.com domain.
You need to edit the ad.contoso.com domain Group Policy object (GPO) to enable users in the ad.contoso.com domain to access resources in the ad.fabrikam.com domain.
What should you do?

  • A. Configure the DNS Suffix Search List option to ad.contoso.com, ad.fabrikam.com.
  • B. Configure the Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries option to True.
  • C. Configure the Primary DNS Suffix option to ad.contoso.com, ad.fabrikam.com. Configure the Primary DNS Suffix Devolution option to True.
  • D. Configure the Primary DNS Suffix option to ad.contoso.com, ad.fabrikam.com. Configure the Primary DNS Suffix Devolution option to False.


Answer : A

Your network contains the servers configured as shown in the following table.


Your company is assigned the public IP addresses from 131.107.0.1 to 131.107.0.31. You need to ensure that Web1 is accessible from the Internet by using https://131.107.0.2.
What should you do from the Routing and Remote Access console?

  • A. From the Static Routes node, configure a static route.
  • B. From the server properties, configure SSL Certificate Binding.
  • C. From the NAT interface, add an address pool and a reservation.
  • D. From the NAT interface, configure the Secure Web Server (HTTPS) service.


Answer : C

Your company has deployed Network Access Protection (NAP).
You configure secure wireless access to the network by using 802.1X authentication from any access point.
You need to ensure that all client computers that access the network are evaluated by
NAP.
What should you do?

  • A. Configure all access points as RADIUS clients to the Remediation Servers.
  • B. Configure all access points as RADIUS clients to the Network Policy Server (NPS).
  • C. Create a Network Policy that defines Remote Access Server as a network connection method.
  • D. Create a Network Policy that specifies EAP-TLS as the only available authentication method.


Answer : B

Your company has a single Active Directory forest that has a domain in North America named na.contoso.com and a domain in South America named sa.contoso.com. The client computers run Windows 7.
You need to configure the client computers in the North America office to improve the name resolution response time for resources in the South America office.
What should you do?

  • A. Configure a new Group Policy object (GPO) that disables the Local-Link Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office.
  • B. Configure a new Group Policy object (GPO) that enables the Local-Link Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office.
  • C. Configure a new Group Policy object (GPO) that configures the DNS Suffix Search List option to sa.contoso.com, na.contoso.com. Apply the policy to all the client computers in the North America office.
  • D. Configure the priority value for the Service Location (SRV) records on each of the North America domain controllers to 5.


Answer : C

Your network contains two DHCP servers named Server1 and Server2. On Server1, you create a scope named Scope1.
You need to ensure that DHCP clients receive IP addresses from the address range in
Scope1 if Server1 is unavailable. The solution must prevent both servers from assigning duplicate IP addresses.
What should you do from the DHCP console?

  • A. On Server1, create a superscope.
  • B. On Server1, select Scope1, and then run the Split-Scope wizard.
  • C. On Server2, create a scope, and then reconcile each scope.
  • D. On Server2, create a scope, and then enable Network Access Protection.


Answer : B

Your network contains an Active Directory domain. The domain contains DNS servers that run Windows Server 2008 R2.
The network has two external links. One link connects to the Internet. The other link directly connects to the network of a partner company.
The partner companys network is not connected to the Internet. You need to ensure that users on your network can access resources on the partner companys network. The solution must ensure that the users on your network can continue to access resources on the Internet.
Which two actions should you perform on the DNS servers? (Each correct answer presents a complete solution. Choose two.)

  • A. Configure conditional forwarding.
  • B. Add a stub zone.
  • C. Modify the root hints.
  • D. Add a reverse lookup zone.
  • E. Add a trust anchor.


Answer : A,C

You need to create a sender policy framework (SPF) record for the e-mail servers on your network.
Which type of resource record should you create?

  • A. Alias (CNAME)
  • B. Host Information (HINFO)
  • C. Signature (SIG)
  • D. Text (TXT)


Answer : D

Explanation:
Authenticating Outbound E-Mail:
Domain holders need to complete an inventory and publish all IP addresses of their outbound e- mail servers in the DNS zone file. This is an administrative step that requires no changes to an organization's e-mail or DNS software. Even if your domain has no outbound e-mail servers, you can help protect your domain from spoofing by publishing an
SPF record in the DNS that states this. Follow the steps below to create and publish an
SPF record for each domain name that your organization owns.
1. Determine the IP addresses of the outbound e-mail servers for the domain.
2. Identify the e-mail servers that transmit outbound e-mail for all of the domains and subdomains in your organization, as well as the IP addresses for these servers. You will need to publish a Sender ID record for each of them. If your organization uses any third parties to send e- mail on its behalf, such as an e-mail service provider or a hoster, you will also need to know their domain names. However, you do not need to know the IP addresses of their outbound e-mail servers. (You may want to encourage them to publish
Sender ID records for their own domains.)
3. Create the SPF record. You can use the Sender ID Wizard described in this document to make it easier.
(See www.microsoft.com/senderid/wizard.) Note You must create a separate SPF record for each domain and subdomain that sends e-mail for you. It is possible for several domains to share the same Sender ID record.
4. After you have created the SPF records for your organization, publish them in DNS TXT records. You may need the assistance of your DNS administrator, Web hoster, or registrar.
5. Ensure that your domain can be correctly identified as the purported responsible domain
(PRD) for each message you send. This means that the sender's domain must be shown in certain headers of the e-mail message. Sender ID has been carefully designed to ensure that most legitimate e-mailers, remailers, and mailing list operators already satisfy this requirement. In a few cases, such as mail forwarding services, you may need to add additional headers to e-mail messages.

Your network contains an Active Directory forest named fabrikam.com. The forest contains a DNS server named Server1. You need to configure Server1 to resolve single-label names.
What should you do?

  • A. Create a DNS zone named GlobalNames. Run dnscmd.exe and specify the Config parameter.
  • B. Create a DNS zone named GlobalNames. Run dnscmd.exe and specify the CreateDirectoryPartition parameter.
  • C. Create a DNS zone named RootNames. Run dnscmd.exe and specify the CreateDirectoryPartition parameter.
  • D. Create a DNS zone named RootNames. Run dnscmd.exe and specify the Config parameter.


Answer : A

Explanation:

Deploying a GlobalNames zone -
The specific steps for deploying a GlobalNames zone can vary somewhat, depending on the AD DS topology of your network.
Step 1: Create the GlobalNames zone
The first step in deploying a GlobalNames zone is to create the zone on a DNS server that is a domain controller running Windows Server 2008. The GlobalNames zone is not a special zone type; rather, it is simply an AD DS-integrated forward lookup zone that is called GlobalNames. For information about creating a primary forward lookup zone, see
Add a Forward Lookup Zone.
Step 2: Enable GlobalNames zone support
The GlobalNames zone is not available to provide name resolution until GlobalNames zone support is explicitly enabled by using the following command on every authoritative DNS server in the forest: dnscmd <ServerName> /config /enableglobalnamessupport 1 where ServerName is the
DNS name or IP address of the DNS server that hosts the GlobalNames zone. To specify the local computer, replace ServerName with a period (.), for example, dnscmd . /config
/enableglobalnamessupport1.
Step 3: Replicate the GlobalNames zone
To make the GlobalNames zone available to all DNS servers and clients in a forest, replicate the zone to all domain controllers in the forest, that is, add the GlobalNames zone to the forest-wide DNS application partition.
For more information, see Change the Zone Replication Scope.
If you want to limit the servers that will be authoritative for the GlobalNames zone, you can create a custom DNS application partition for replicating the GlobalNames zone. For more information, see Understanding DNS Zone Replication in Active Directory Domain
Services.
Step 4: Populate the GlobalNames zone
For each server that you want to be able to provide single-label name resolution for, add an alias (CNAME) resource record to the GlobalNames zone. For more information, see Add an Alias (CNAME) Resource Record to a Zone.
Step 5: Publish the location of the GlobalNames zone in other forests
If you want DNS clients in other forests to use the GlobalNames zone for resolving names, add service location (SRV) resource records to the forest-wide DNS application partition, using the service name _globalnames. _msdcs and specifying the FQDN of the DNS server that hosts the GlobalNames zone. For more information, see Add a Resource
Record to a Zone and Service Location (SRV) Resource Record Dialog Box. In addition, you must run the dnscmdServerName/config /enableglobalnamessupport 1 command on every authoritative DNS server in the forests that do not host the GlobalNames zone. http://technet.microsoft.com/en-us/library/cc731744.aspx

Your network contains two servers named Server1 and Server2 that run Windows Server
2008 R2. The network contains an client named Computer1 that runs Windows7.
All communication between Server1 and Server2 is encrypted by using IPSec.
Communication between the server and the client does not require IPSec encryption.
You need to ensure that you can connect to Server1 by using the IP Security Monitor on
Computer1.
What should you do?

  • A. Apply an IP Security policy to Computer1.
  • B. Create a connection security rule on Computer1.
  • C. Add a value to the PolicyAgent registry key on Server1.
  • D. Modify the Advanced Audit Policy Configuration on Server1.


Answer : C

Explanation:
-Valid for Windows 7 and Vista client-
On the computer (2008) you want to remotely manage or monitor, click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ PolicyAgent On the

Edit menu, select -
New, and then click DWORD Value.
Write EnableRemoteMgmt and then press ENTER.
Click the right mouse button on the entry EnableRemoteMgmt and then click Modify.
In the Value data box, type 1, and then click OK.
Exit Registry Editor.
Start the RemoteRegistry. To do this, type net start RemoteRegistry at a command prompt, and then press ENTER.
Start the PolicyAgent. To do this, type net start policyagent at the command prompt, and then press ENTER.
Make sure the user who will administer or supervise the team has administrator privileges on the computer. In the Advanced Security section of Windows Firewall, enable service management rules remotely.

Your network contains a single Active Directory domain. All servers run Windows Server
2008 R2. You have an IPv6-only infrastructure that has multiple subnets. You deploy a new server named Server1.
You need to ensure that Server1 can communicate with the client computers in all of the internal subnets. The solution must use an address that is reserved for internal networks.
Which address should you assign?

  • A. 2001::68c0:9f7c:8393:c214
  • B. FC00::68c0:9f7c:8393:c214
  • C. FE80::68c0:9f7c:8393:c214
  • D. FF02::68c0:9f7c:8393:c214


Answer : B

You configure a full server backup on a server as shown in the exhibit. (Click the Exhibit button.)


You need to ensure that a full server backup runs each day at 23:45 and that a custom script runs when the backup completes.
Which tool should you use?

  • A. Task Scheduler
  • B. Windows Server Backup
  • C. System Configuration
  • D. Services


Answer : A

Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that has Microsoft SQL Server 2008 R2 installed.
You need to configure the Windows Firewall on Server1 to allow client computers access to the SQL Server installation.
Which port or ports should you allow through Windows Firewall?

  • A. TCP 1433
  • B. TCP 587 and UDP 587
  • C. UDP 67 and UDP 68
  • D. TCP 53 and UDP 53
  • E. TCP 546 and TCP 547
  • F. UDP 546 and UDP 547
  • G. TCP 636
  • H. UDP 1433
  • I. TCP 995
  • J. UDP 995 K. UDP 993 L. TCP 993 M. TCP 67 and TCP 68


Answer : A

Explanation:
SQL Server is a Winsock application that communicates over TCP/IP by using the sockets network library.
SQL Server listens for incoming connections on a particular port. The default port for SQL
Server is 1433. The port doesn't need to be 1433, but 1433 is the official Internet Assigned
Number Authority (IANA) socket number for SQL Server.
http://support.microsoft.com/kb/287932/EN-US

Your network contains a file server named Server1 that runs Windows Server 2008 R2.
You have several UNIX-based client computers on the network.
Users report that they cannot access shared folders on Server1 from the UNIX-based client computers.
You need to ensure that users can access the shared folders on Server1.
What should you install on Server1?

  • A. Network Policy Server (NPS)
  • B. Services for Network File System (NFS)
  • C. Simple TCP/IP Services
  • D. File Server Resource Manager (FSRM)


Answer : B

Explanation:
Services for Network File System (NFS) provides a file-sharing solution for enterprises that have a mixed
Windows and UNIX environment. Services for NFS enables users to transfer files between computers running the Windows Server 2008 operating system and UNIX-based computers using the NFS protocol. http://technet.microsoft.com/en-us/library/cc753302(v=ws.10).aspx

You are building a test environment to evaluate DNS Security Extensions (DNSSEC). You have a domain controller named Server1 that runs Windows Server 2008 R2 in your test environment.
Server1 has the DNS Server server role installed.
You need to configure Server1 to support the DNSSEC evaluation.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

  • A. Create a new Quad-A (AAAA) DNS record.
  • B. Create a new Signature (SIG) DNS record.
  • C. Create a new Public key (KEY) DNS record.
  • D. Create a new Well-known service (WKS) DNS record.


Answer : B,C

Page:    1 / 27   
Exam contains 400 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us