Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Practice Test
Version: 30.0
ABC.com has a Marketing division which access resources located on another segment. How
would you configure ABC-SR12 to ensure users in the Marketing division are able to access ABCSR12?
A. By enabling DHCP.
B. By changing the subnet mask to 255.255.255.0.
C. By changing the IP address to 192.108.16.2.
D. By changing the DNS Server to 192.108.16.12.
Answer: B
Explanation:
To ensure that all users are able to connect to the server, you need to change the subnet mask to
a 24-bit mask. Because the subnet, 255.255.255.192 assigned to the server can have maximum
of 32 hosts and because the subnet is in different network, the server cannot communicate to the
gateway (192.168.16.1) assigned to it. To communicate with the gateway, the server should have
in the same subnet and therefore the subnet of the server needs to be changed to 24bit, which
can have 254 hosts.
Reference: Subnet Masks & Their Effect
http://www.firewall.cx/ip-subnetting-mask-effect.php
"Pass Any Exam. Any Time." - www.actualtests.com
QUESTION NO: 2
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network has a computer named ABC-SR08 that is configured to communicate using IPv4
addressing.
ABC.com has a Marketing division which requires remote access to shared folders on ABC-SR08
when out of office. You configuring the Routing and Remote Access role on ABC-SR08. What else
must you do on ABC-SR08?
A. On ABC-SR08, by running the netsh interface ipv6 enable.
B. On ABC-SR08, by running the netsh ras ipv6 set access ALL
C. On ABC-SR08, by having the IPv4 Router Routing and Remote Access option enabled.
D. On ABC-SR08, by having the NAT and OSPF enabled on the IPv4 interface o
Answer: C
Explanation:
To configure routing on the server at the branch office, you need to first install the Routing and
Remote Access role on the server and then enable the IPv4 Router Routing and Remote Access
option on the server.
QUESTION NO: 3
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network contains several wireless access points (WAPs) that use 802.1x authentication. You
install Network Access Protection (NAP) on a server named ABC-SR07.
How would you configure ABC-SR07 to have NAP verify all client computer connections to the
ABC.com networks?
A. By creating and configuring an Authorization Request Policy which has Secure Sockets Layer
(SSL) as the only available authentication method.
B. By creating and configuring a Connection Request Policy which has Kerberos v5 as the only
available authentication method.
C. By creating and configuring a Connection Request Policy which allows EAP-TLS as the only
"Pass Any Exam. Any Time." - www.actualtests.com
QUESTION NO: 4
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. The ABC.com network has a Routing and Remote Access computer
named ABC-SR08 that is configured as a Routing and Remote Access server running Network
Access Protection (NAP).
How should you configure ABC-SR08 to ensure that it uses Point-to-Point (PPP) authentication?
A. By using the Challenge Handshake Authentication Protocol version 2 (CHAP v2) protocol.
B. By using the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) protocol.
C. By using the Secure Shell (SSH) protocol.
D. By using the Extensible Authentication Protocol (EAP) protocol.
QUESTION NO: 5
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. The ABC.com network has a computer named ABC-SR08 that is
configured with the Active Directory Certificate Services (AD CS) and hosts the Network Access
Protection (NAP).
ABC.com has a division of marketing users accessing the network using portable computers. How
would you ensure that the Marketing division network users are required to use smart cards?
A. By configuring 802.1X authentication on all WAPs.
B. By configuring WPA2 and EAP-TLS authentication on all portable computers.
C. By having Extensible Authentication Protocol (EAP) used on all portable computers.
D. By configuring WPA2, 802.1X authentication and EAP-TLS on all portable computers.
E. By having Internet Protocol Security (IPSec) protocol used on all portable computers.
Answer: D
Explanation:
To configure the wireless network to accept smart cards, you need to use WPA2, 802.1X
authentication and EAP-TLS.
The use of smart cards for user authentication is the strongest form of authentication in the
Windows Server 2003 family. For remote access connections, you must use the Extensible
Authentication Protocol (EAP) with the Smart card or other certificate (TLS) EAP type, also known
as EAP-Transport Level Security (EAP-TLS).
QUESTION NO: 6
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. The ABC.com network has a computer named ABC-SR04 that is
configured as a Virtual Private Network (VPN) server.
ABC.com recently installed and configured a firewall before ABC-SR04 to protect Web
communications. How should you configure the secure connection without the need to open more
ports?
A. By using full duplex tunneling over a secure SSL channel.
B. By configuring a Point-to-Point (PPP) connection.
C. By configuring a EAP-Transport Level Security (EAP-TLS) connection.
D. By configuring a Secure Socket Tunneling Protocol (SSTP) connection.
E. By using half duplex tunneling over a secure SSL channel.
Answer: D
Explanation:
The question states that the firewall is configured to allow only secure web communications.
Secure Web Communications use SSL. Secure Socket Tunneling Protocol (SSTP) is a form of
VPN tunnel that provides a mechanism to transport PPP traffic through an SSL channel.
QUESTION NO: 7
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional. The ABC.com network has
a domain controller named ABC-SR04.
ABC.com has a Marketing division which travels frequently. How would you configure ABC-SR04
to ensure the Marketing division is able to access the network remotely when traveling? (Choose
two)
"Pass Any Exam. Any Time." - www.actualtests.com
QUESTION NO: 8
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. The ABC.com network has a computer named ABC-SR06 that is
configured as a Virtual Private Network (VPN) server utilizing end-to end encryption with computer
level authentication without user names and passwords required.
ABC.com has a Marketing division which uses the VPN connection to access resources. How
would you configure the VPN connection to ensure Marketing division members do not require
using their user names and passwords whilst utilizing computer level authentication?
A. By using a L2TP/IPsec connection with EAP-TLS authentication.
B. By using a L2TP/IPsec connection in tunnel mode with WPA2 authentication.
C. By using a L2TP/IPsec connection with a PKI infrastructure.
D. By using a L2TP/IPsec connection with Kerberos v5 authentication.
Answer: A
Explanation: To ensure that the VPN connections between the main office and the branch offices
meet the given requirements, you need to configure a L2TP/IPsec connection to use the EAP-TLS
authentication.
QUESTION NO: 9
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and half the client computers
run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network has a computer named ABC-SR21 that is configured to host Active Directory Certificate
Services (AD CS) and Network Access Protection
ABC.com has a division of marketing users accessing the wireless network using portable
computers. How would you ensure that a created policy is enforced on the portable computers?
A. By configuring 802.1X authentication on all access points.
B. By configuring WPA2 and EAP-TLS authentication on all portable computers.
C. By having Extensible Authentication Protocol (EAP) used on all portable computers.
D. By configuring WPA2, 802.1X authentication and EAP-TLS on all portable computers.
E. By having Internet Protocol Security (IPSec) protocol used on all portable computers.
Answer: A
Explanation:
To ensure that NAP policies are enforced on portable computers that use a wireless connection to
access the network, you need to configure all access points to use 802.1X authentication.
802.1X enforcement enforce health policy requirements every time a computer attempts an
802.1X-authenticated network connection. 802.1X enforcement also actively monitors the health
"Pass Any Exam. Any Time." - www.actualtests.com
QUESTION NO: 10
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network has a computer named ABC-SR06 that is configured as the Virtual Private Network (VPN)
server running the Network Access Protection (NAP) role.
ABC.com has a Marketing division which uses the ABC-SR06 as a Virtual Private Network (VPN)
server when traveling. How would you configure ABC-SR06 to ensure the Marketing division client
computers health are able to be monitored? (Choose all that apply)
A. By creating a network access policy named MarktingHealth linked to the domain.
B. By configuring the Requiring trusted path for credential entry option set to Enabled.
C. By creating and configuring a Group Policy object (GPO) named Marketing.
D. By creating a network access policy named MarketingHealth and Goup Policy Object (GPO)
named Marketing linked to the Domain Controllers organizational unit (OU).
E. By linking Marketing to the domain.
F. By having the Windows Security Center enabled.
Answer: C,E,F
Explanation:
The NAP replaces Network Access Quarantine Control (NAQC) in Windows Server 2003, which
provided the ability to restrict access to a network for dial-up and virtual private network (VPN)
clients. The solution was restricted to dial-up/VPN clients only.
NAP improves on this functionality by additionally restricting clients that connect to a network
directly, either wirelessly or physically using the Security Center. NAP restricts clients using the
following enforcement methods: IP security (IPsec), 802.1x, Dynamic Host Configuration Protocol
(DHCP) and VPN.
However, to enable NAP on all the clients in your domain, you should create a group policy and
link it to a domain and then enable the Security Center
QUESTION NO: 11
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and half the client computers
run either Microsoft Windows Vista or Windows XP Professional SP2. The ABC.com network has
a computer named ABC-SR03 that is configured to host Network Access Protection which is setup
to limit access to resources based on client computers health requirements.
How would you configure the NAP policy to prevent access to resources if the client computers do
not comply with the health requirements?
A. By creating an 802.1X network policy.
B. By creating a Kerberos v5 enforcement network policy.
C. By creating an IPSec enforcement network policy.
D. By creating a Layer 2 Tunneling Protocol enforcement policy.
E. By creating a Network Policy restricting remote connections.
Answer: C
Explanation:
Because the scenario suggests the configuration of the security policy on the network, you need to
create an IPSec enforcement network policy as a Network Access Protection Mode to ensure that
personal portable computers that dont comply with policy requirements are prohibited from
accessing company resources.
IPSec enforcement network policy authenticates NAP clients when they initiate IPsec-secured
communications with other NAP clients.
Reference: NAP protects networks by restricting client connections
http://www.biztechmagazine.com/article.asp?item_id=382
Reference: The Cable Guy IEEE 802.1X Wired Authentication
http://technet.microsoft.com/en-us/magazine/cc194418.aspx
"Pass Any Exam. Any Time." - www.actualtests.com
10
QUESTION NO: 12
You work as an enterprise administrator at ABC.com. The ABC.com network consists has a
domain named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and half
the client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional.
The ABC.com network has a computer named ABC-SR12 that is configured with a SAN that has
multiple physical disk drives attached.
You have received instructions from management to execute a data archiving script on ABCSR12. However, it should only be executed when any of the logical drives has less than 25% free
space left.
How would you ensure the archiving script executes automatically with the condition is met?
A. By using a Resource View to view the free space of the physical disks in Windows Reliability
and Performance Monitor and executing the archiving script.
B. By creating an alert which is triggered when free disk space falls below 30% and executes the
archiving script.
C. By adding the Performance counter alert to the Data Collector Set.
D. By creating a counter log to track disk space usage in Performance console.
Answer: C
Explanation: To automatically run a data archiving script if the free space on any of the logical
drives is below 30 percent and to automate the script execution by creating a new Data Collector
Set, you need to add the Performance counter alert.
The Performance counter alert creates an alert if a performance counter reaches a threshold that
you specify.
You can configure your data collector set to automatically run at a scheduled time, to stop running
after a number of minutes, or to launch a task after running. You can also configure your data
collector set to automatically run on a scheduled basis. This is useful for proactively monitoring
computers.
Reference: Creating a Snapshot of a Computer's Configuration with Data Collector Sets in Vista /
How to Create Custom Data Collector Sets
http://www.biztechmagazine.com/article.asp?item_id=241
QUESTION NO: 13
"Pass Any Exam. Any Time." - www.actualtests.com
11
QUESTION NO: 14
You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named
"Pass Any Exam. Any Time." - www.actualtests.com
12
QUESTION NO: 15
You work as an enterprise administrator at ABC.com. The ABC.com has a domain named
ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers
run Microsoft Windows Vista. The ABC.com network contains two computers named ABC-SR08
and ABC-SR12 that is configured as WSUS servers.
How should you configure ABC-SR08 to receive approved updates from ABC-SR12?
A. By configuring ABC-SR12 as a proxy server.
"Pass Any Exam. Any Time." - www.actualtests.com
13
QUESTION NO: 16
You are working as an enterprise administrator at ABC.com. ABC.com has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers
run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network has a domain controller named ABC-DC04 that runs the Windows Server Backup feature.
ABC.com has recently discovered that someone has deleted the Organizational Unit (OU) named
Marketing from ABC-DC04. You need to recover the Marketing OU by running a non-authoritative
restore from the latest backup media.
How would you have the non-authoritative restore performed on ABC-DC04 without disrupting the
other data stored on domain controller?
A. By using the incremental backup created of all the volumes.
B. By using the Critical volume backup.
C. By using the backup of the User state and backup of the volume that hosts Operating system.
D. By using the backup of the System and User state and backup of AD DS folders.
14
QUESTION NO: 17
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network has a computer named ABC-SR15 that is configured to host Active Directory Lightweight
Directory Services (AD LDS).
How would you create Organizational Units for the network divisions in the Active Directory
Lightweight Directory Services (AD LDS) application directory partition?
A. By using Active Directory Sites and Services to create the OUs.
B. By using the ADSI Edit Snap-in on the AD LDS application directory partition to create the OUs.
C. By running the Dsmgmt command to create the OUs.
D. By using Active Directory Domains and Trusts snap-in to create the OUs on the AD LDS
application directory partition.
Answer: B
Explanation: You need to use the ADSI Edit snap-in to create new OUs in the AD LDS
application directory partition. You also need to add the snap-in in the Microsoft Management
Console (MMC).
QUESTION NO: 18
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2.
15
QUESTION NO: 19
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network has a computer named ABC-SR05 that is configured host the Active Directory Lightweight
Directory Services (AD LDS) service. You install a new server named ABC-SR06.
How would you replicate Active Directory Lightweight Directory Services (AD LDS) from ABCSR05 to ABC-SR06?
A. By using the ADSI Edit Snap-in to replicate the AD LDS instance.
B. By creating and installing a replica of AD LDS running the AD LDS Setup wizard on ABC-SR06.
C. By using the xcopy command to copy the entire AD LDS instance.
D. By using Active Directory Sites and Services to replicate the AD LDS instance.
Answer: B
Explanation: You need to run the AD LDS setup wizard on the computer in the lab to create and
install a replica of AD LDS. In the AD LDS setup wizard there will be an option to replicate the AD
LDS instance on another computer.
16
QUESTION NO: 20
You are a newly appointed enterprise administrator at ABC.com. ABC.com has a domain named
ABC.com that operates in the domain functional level of Windows Server 2003 Native Mode. The
client computers at ABC.com run either Microsoft Windows Vista or Microsoft Windows XP
Professional SP2. The ABC.com network has a computer named ABC-SR08 that is configured to
run the Active Directory Rights Management Services (AD RMS).
ABC.com has a Marketing division which works with documents that contain confidential company
information. How would you configure ABC-SR08 allowing the Marketing division to secure these
documents?
A. By creating and configuring an e-mail account in Active Directory Domain Services (AD DS) for
each Marketing division user.
B. By deploying Active Directory Certificate Services (AD CS) to ABC-SR08 using a group policy
to create e-mail accounts for the Marketing division.
C. By uABCrading the domain servers to Microsoft Windows Server 2008 and raising the domain
functional level to Windows Server 2008.
D. By deploying Active Directory Federation Services (AD FS) to ABC-SR08 using a group policy
to create e-mail accounts for the Marketing division.
E. By uABCrading the domain servers to Microsoft Windows Server 2008.
Answer: A
Explanation: You need to configure an email account in Active Directory Domain Services (AD
DS) for the user. Doing this you will be able to configure AD RMS to enable users to use it and
protect their documents. You can use Microsoft Word, Outlook, or PowerPoint in Microsoft Office
2007 to enable AD RMS. AD RMS can be integrated with other technologies such as smart cards.
Reference: Active Directory Rights Management Services Overview
http://technet2.microsoft.com/windowsserver2008/en/library/74272acc-0f2d-4dc2-876f15b156a0b4e01033.mspx?mfr=true
QUESTION NO: 21
You are the newly appointed enterprise administrator at ABC.com. You work as the network
administrator at ABC.com. The ABC.com Active Directory forest has a domain named ABC.com
that operates at a forest functional level of Windows Server 2008. The ABC.com network servers
run Microsoft Windows Server 2008 and the client computers run Microsoft Windows Vista. The
ABC.com network has a computer named ABC-SR08 that is configured to run the Active Directory
17
QUESTION NO: 22
You work as the enterprise administrator at ABC.com. The ABC.com network has a forest with a
domain named ABC.com. The ABC.com network has a member server named ABC-SR04 that
hosts the Active Directory Federation Services (AD FS) role.
What action should you take to have Active Directory domain data in the AD FS tokens?
A. By creating and configuring a new account store.
B. By opening a browser window to type the Federation Service URL for ABC-SR04.
C. By checking Event Viewer applications and Event ID columns for the ID 674 event.
D. By deploying and installing Active Directory Domain Services (AD DS) configured as a new
resource partner.
E. By deploying and installing Active Directory Certificate Services (AD CS) configured as a new
resource partner
Answer: A
Explanation: In order to configure the AD FS trust policy to populate AD FS tokens with
employees information from Active directory domain, you need to add and configure a new
account store.
AD FS allows the secure sharing of identity information between trusted business partners across
an extranet. When a user needs to access a Web application from one of its federation partners,
the user's own organization is responsible for authenticating the user and providing identity
information in the form of "claims" to the partner that hosts the Web application. The hosting
partner uses its trust policy to map the incoming claims to claims that are understood by its Web
"Pass Any Exam. Any Time." - www.actualtests.com
18
QUESTION NO: 23
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network has a computer named ABC-SR08 that is configured as the Network Access Policy (NAP)
server.
How would you configure ABC-SR08 to ensure that only able the tunnel interface and the IPv6
Loopback interface are running IPv6?
A. By running the netsh -r command at the command prompt.
B. By clearing the check box stating Internet Protocol Version 6 (TCP/IPv6) from the Local Area
Connection Properties window.
C. By running the netsh -c command at the command prompt.
D. By running the netsh -a command at the command prompt.
Answer: B
Explanation:
To disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback interface,
you need to uncheck Internet Protocol Version 6 (TCP/IPv6) from the Local Area Connection
Properties window.
This is because unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and
Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista
and Windows Server 2008 by doing one of the following: In the Network Connections folder, obtain
properties on all of your connections and adapters and clear the check box next to the Internet
Protocol version 6 (TCP/IPv6) components in the list.
This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on
tunnel interfaces or the IPv6 loopback interface.
Reference: IPv6 for Microsoft Windows: Frequently Asked Questions
19
QUESTION NO: 24
You work as the enterprise administrator at ABC.com. ABC.com has a forest with a domain
named ABC.com. The ABC.com network servers run Microsoft Windows Server 2008 and the
client computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The
ABC.com network has a two DHCP server named ABC-SR04 and ABC-SR05.
How would you configure ABC-SR05 to ensure a client computer named ABC-WS648 receives a
client reservation?
A. By adding a DHCP reservation for ABC-WS648 added to ABC-SR05.
B. By adding a DHCP reservation for ABC-WS648 added to ABC-SR04.
C. By running the netsh DHCP command on ABC-WS648.
D. By running the ipconfig /renew command run on ABC-WS648.
E. By running the ipconfig /release command on ABC-WS648.
Answer: A
Explanation:
A reservation is a specific IP addresses that is tied to a certain device through its MAC address.
By adding a reservation, you ensure that a machine always receives the same IP address from the
DHCP server.
In the above scenario you need to simply add the DHCP reservation for ABC-WS648 to the
second DHCP server also, so that the same reservation is available on the other DHCP server
also.
Reference: Configure a DHCP server in Windows Server 2008
http://www.zdnetindia.com/index.php?action=articleDescription&prodid=18616
Reference: DHCP Reservations and Exclusions
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Network/DHCP
ReservationsandExclusions.html
QUESTION NO: 25
20
QUESTION NO: 26
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional. The ABC.com network has
a computer named ABC-SR06 that is configured to run Network Address Translation (NAT).
During the course of the day ABC.com deploys an additional computer named ABC-SR08 to
facilitate the launch of a new office.
"Pass Any Exam. Any Time." - www.actualtests.com
21
QUESTION NO: 27
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network contains two computers named ABC-SR10 and ABC-SR12. ABC-SR10 is running the
Active Directory Certificate Services (AD CS) service and ABC-SR12 is running Network Access
Protection (NAP).
ABC.com has a Marketing division which uses portable computers to access resources during the
business day. These computers connect to the ABC.com network via wireless access points
(WAPs).
How would you configure the Marketing division's portable computers to ensure that smart cards
can be used?
A. By using WPA2, CHAP and MSCHAP v2 authentication on portable computers.
B. By using WPA2, 802.1X authentication and EAP-TLS authentication on portable computers.
C. By using WPA, EAP, MD5 hashing with strong user passwords on portable computers.
22
QUESTION NO: 28
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional. The ABC.com network has
a computer named ABC-SR08 that is configured to run Network Access Protection (NAP).
ABC.com wants only client computers that have the latest critical and important updates installed
to be allowed to access resources on the network.
How would you implement this using a Group Policy Object (GPO)?
A. By having the automatic updates service disabled for the Marketing division.
B. By having the clients quarantined not installed with the required security updates.
C. By having the Windows Firewall enabled for the Marketing division on the Default Domain
Group Policy.
D. By configuring a policy to restrict remote connections for a health check.
E. By having the Windows Security Center enabled for the Marketing division on the Default
Domain Group Policy.
Answer: B
Explanation:
To ensure that client computers meet the company policy requirement, you need to Quarantine
clients that do not have all available security updates installed.
23
QUESTION NO: 29
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
ABC.com has its headquarters located in Miami. The ABC.com domain servers run Microsoft
Windows Server 2008 and the client computers run either Microsoft Windows Vista or Microsoft
Windows XP Professional SP2. The ABC.com network has a Routing and Remote Access
Services (RRAS) server named ABC-SR08.
ABC.com has a Marketing division with remote users contained in a group named KingRemote.
Members of KingRemote are requiring access to the domain when out of office. During the course
of the day ABC.com discovers that stringent security settings are required when remotely
accessing the domain. You started the maintenance by creating a remote access policy.
How should you make sure members of KingRemote use smartcards when accessing ABC-SR08
from remote locations?
A. By creating a remote access policy enabling users to authenticate connections using Extensible
Authentication Protocol-Transport Layer Security (EAP-TLS).
B. By creating a remote access policy enabling users to authenticate connections using Secure
Shell (SSH).
C. You should consider a remote access policy that requires Kerberos v5 authentication.
D. By creating a remote access policy enabling users to authenticate connections using Internet
Protocol Security (IPSec).
Answer: A
Explanation:
You should create a remote access policy that allows users to use Extensible Authentication
24
QUESTION NO: 30
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. The ABC.com network has a server named ABC-SR08 that is used to
store documents that contain confidential information.
How should you configure ABC-SR08 to be more secure?
A. By using the Domain Profile in Windows Firewall and Blocking all connections.
B. By using the Internal Profile in Windows Firewall and Blocking all connections.
C. By disabling the Secondary Logon Service in the Services snap-in.
D. By disabling the Browser service in the Services snap-in.
E. By disabling Net Logon service in the Services snap-in.
Answer: A
Explanation:
To immediately disable all incoming connections to the server, you need to enable the Block all
connections option on the Domain Profile from Windows Firewall.
You can configure inbound connections to Block all connections from Windows Firewall by
configuring Firewall properties. When Block all connections is configured for a Domain profile ,
Windows Firewall with Advanced Security ignores all inbound rules, effectively blocking all
inbound connections to the domain.
Reference: Configuring firewall properties
http://technet2.microsoft.com/windowsserver2008/en/library/19b429b3-c32b-4cbd-ae2a8e77f2ced35c1033.mspx?mfr=true
QUESTION NO: 31
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
25
QUESTION NO: 32
"Pass Any Exam. Any Time." - www.actualtests.com
26
QUESTION NO: 33
You are employed as an enterprise administrator at ABC.com. The ABC.com has a domain
named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client
computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The
ABC.com network has a Web server named ABC-SR05 that is configured to run Internet
Information Services (IIS). During the course of the day ABC.com instructs you to configure ABCSR05 to store information using Reliability Monitor.
How can you accomplish this task?
A. By having the Remote Access Auto Connection Manager service set to start automatically on
the ABC-SR05.
B. By having the Net Logon service set to start automatically on the ABC-SR05.
27
QUESTION NO: 34
You work as an enterprise administrator at ABC.com. The ABC.com has a domain named
ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers
run either Microsoft Windows Vista or Microsoft Windows XP Professional. ABC.com makes use
of two computers named ABC-DC04 and ABC-DC05.
During the course of the day you configure event subscriptions with ABC-DC05 as the default
subscription on ABC-DC04.
How can we now review the system event for ABC-DC05?
A. By opening the Event Viewer on ABC-DC05.
B. By opening the System log on ABC-DC04.
C. By opening the Forwarded Events log on ABC-DC04.
"Pass Any Exam. Any Time." - www.actualtests.com
28
QUESTION NO: 35
You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
The ABC.com network servers run Microsoft Windows Server 2008 and the client computers run
Microsoft Windows Vista. The ABC.com network has a Web server named ABC-SR09 that is
configured to run Internet Information Services (IIS).
ABC.com users complain of slow response times when they access web sites on ABC-SR09. You
investigate and discover ABC-SR09 has maximum CPU usage.
How would you gather diagnostic data regarding this problem?
A. By using Windows Reliability and Performance Monitor to check percentage of processor
capacity used.
B. By using a counter log to track the processor usage.
C. By checking the security log for Performance events.
D. By checking the error log for performance events.
E. By checking the application log for events.
F. By checking the Internet Explorer log for events.
Answer: A
Explanation: Explanation
To gather additional data to diagnose the cause of the problem, you need to use the Resource
View in Windows Reliability and Performance Monitor to see the percentage of processor capacity
used by each application.
The Resource View window of Windows Reliability and Performance Monitor provides a real-time
29
QUESTION NO: 36
ABC.com has employed you as a network administrator. ABC.com has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client
computers run either Microsoft Windows XP Professional SP2 or Microsoft Windows Vista. The
ABC.com network has a computer named ABC-SR06 that is running Active Directory Certificate
Services (AD CS) and configured as the Enterprise Root Certification Authority (CA). ABC.com
has recently configured the firewall on ABC-SR06 to block communication over ports 443 and 80.
How would you configure ABC-SR06 to ensure that certificates can be requested using a web
browser?
A. By deploying an additional computer running Active Directory Federation Services (AD FS) and
the Certification Authority Web Enrollment Role Service.
B. By deploying an additional computer running Active Directory Domain Services (AD DS) and
the Certification Authority Web Enrollment Role Service.
C. By deploying an additional computer running the Certification Authority Web Enrollment Role
Service and ensure Background Intelligent Transfer Service (BITS) is enabled.
D. By deploying an additional computer running the Certification Authority Web Enrollment Role
Service.
Answer: D
Explanation:
QUESTION NO: 37
You work as an enterprise administrator at ABC.com. ABC.com has a domain named ABC.com.
All servers on the ABC.com network run Windows Server 2008 and all client computers run either
Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com network has a
domain controller named ABC-DC08 that is backed up every night. ABC.com has a Marketing
division with an organizational unit (OU) named MarketingDiv.
30
QUESTION NO: 38
ABC.com has employed you as a network administrator. ABC.com has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client
computers run either Microsoft Windows XP Professional or Microsoft Windows Vista. The
ABC.com network contains two domain controllers named ABC-DC04 and ABC-DC05.
You have become aware of malicious users trying to access the ABC.com network.
How would you track unsuccessful attempts by malicious users to logon to the network?
A. By checking the Event Viewer Internet Explorer log on ABC-DC04 and ABC-DC05.
B. By checking the Windows error log on ABC-DC04 and ABC-DC05.
C. By checking the Event Viewer security log on ABC-DC04 and ABC-DC05.
D. By executing the netsh /events command on the command prompt on ABC-DC04 and ABCDC05.
Answer: C
Explanation: In order to identify the logon attempts on the domain controllers you need to access
the Event Viewer and check the logon attempts. The Event viewer will tell you the IP address and
other details of the user account which was used to logon to the domain controllers.
QUESTION NO: 39
ABC.com has hired you as a systems administrator for their network. ABC.com has a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
31
QUESTION NO: 40
You are working as an enterprise administrator at ABC.com. ABC.com has a forest with a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The
ABC.com network has a domain controller named ABC-DC08 with the Directory Services
Recovery Mode (DSRM).
Which of the utilities listed below would be suitable to use when required to have the DSRM
password on ABC-DC08reset?
A. By using Active Directory Security for Computers snap-in.
B. By using the ntdsutil utility.
C. By using the Netsh utility.
D. By using the Domain Controller security snap-in.
Answer: B
Explanation: You should use the ntdsutil utility to reset the DSRM password. You can use
Ntdsutil.exe to reset this password for the server on which you are working, or for another domain
controller in the domain. Type ntdsutil and at the ntdsutil command prompt, type set dsrm
password.
Reference: http://support.microsoft.com/kb/322672
32
QUESTION NO: 41
You are the newly appointed enterprise administrator at ABC.com. ABC.com has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client
computers run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The
ABC.com network has a domain controller named ABC-DC08 that is hosting ntds.dit file on its
secondary hard disk labeled drive D.
Which of the processes would you use when required to move the ntds.dit file to a newly installed
volume?
A. By using the Files option in the Ntdsutil utility and moving the ntds.dit file to the new volume.
B. By using the Windows Power Shell Copy Paste function to move the ntds.dit file to the new
volume.
C. By using XCOPY to move ntds.dit file to the new volume.
D. By using Windows Explorer to move ntds.dit file to the new volume.
Answer: A
Explanation: The way you move the Active Directory database to a new volume, is to move the
ntds.dit file to the new volume by opening the Files option in the ntdsutil utility. Use Ntdsutil.exe to
move the database file, the log files, or both to a larger existing partition.
Reference: http://technet2.microsoft.com/windowsserver/en/library/af6646aa-2360-46e4-81cad51707bf01eb1033.mspx?mfr=true
QUESTION NO: 42
You are working as an enterprise administrator at ABC.com. ABC.com has a forest with a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
computers run either Microsoft Windows Vista or Microsoft Windows XP Professional. The
ABC.com network has a computer named ABC-DC08 that is configured as the domain controller
and backup server.
ABC.com recently added an additional hard disk partitioned into three logical drives. During the
course of the day ABC-DC04 suffers a catastrophic hard disk failure. You replace the hard disk
and partition it into three logical drives of the same size as the original hard disk.
How would you recover the operating system and files?
"Pass Any Exam. Any Time." - www.actualtests.com
33
QUESTION NO: 43
You are employed as the network administrator at ABC.com. ABC.com has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client computers
run either Microsoft Windows Vista or Microsoft Windows XP Professional SP2. The ABC.com
network has three domain controllers named ABC-DC01, ABC-DC02 and ABC-DC03.
How would you use ABC-DC01 to locate an error message on all domain controllers related to
replication?
A. By using the Event Viewer Directory Service log.
B. By using Active Directory Sites and Services administrative tool.
C. By using the Computer Management tool.
D. By checking the Event Viewer System log.
Answer: A
Explanation: The Directory Service event log will hold all error messages as well as information
linked to replication. These details are helpful when troubleshooting replication problems.
QUESTION NO: 44
You are a newly appointed enterprise administrator at ABC.com. ABC.com has a forest with a
domain named ABC.com. ABC.com has its headquarters in Chicago and a Marketing division in
Boston. The ABC.com network contains only Windows Server 2003 domain controllers that are all
located in the Chicago office. You need to install a Windows Server 2008 Read-Only Domain
Controller (RODC) named ABC-DC04 in the Boston office.
How would you accomplish this task?
A. By uABCrading ABC-DC01 to Windows Server 2008 and executing the adprep /rodcprep
command.
"Pass Any Exam. Any Time." - www.actualtests.com
34
QUESTION NO: 45
You are employed as an enterprise administrator at ABC.com. The ABC.com has a domain
named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client
computers run Microsoft Windows Vista. The ABC.com network has a computer named ABCDC07 which runs Network Monitor 3.0. ABC-DC07 has the IP address 192.168.12.4 and the Mac
Address of 00-15-F2-CD-2A-43. ABC.com has recently configured the capturing DHCP serverrelated traffic by selecting P-mode in Network Monitor 3.0.
ABC.com users complain that they cannot access a file server named ABC-SR12. You run the
ipconfig /all command on ABC-SR12 and receive the output shown in the exhibit:
How would you capture DHCP related traffic between ABC-DC07 and ABC-SR12?
A. By using the IPv4 address == 169.254.1.140 && DHCP to build a filter in Network Monitor.
B. By using the MAC Address == 0x0B042D854AF3 && DHCP to build a filter in Network Monitor.
C. By using the MAC Address == 0x0015F2CD2A43 && DHCP to build a filter in Network Monitor.
D. By using the IPv4. Address == 192.168.12.4 && DHCP to build a filter in Network Monitor.
Answer: D
Explanation: To build a filter in the Network application to capture the DHCP traffic between ABCDC07and ABC-WS648, you need to use IPv4.Address == 192.168.12.4 && DHCP.
"Pass Any Exam. Any Time." - www.actualtests.com
35
QUESTION NO: 46
You are the newly appointed enterprise administrator at ABC.com. ABC.com has a domain named
ABC.com. All servers on the ABC.com network run Windows Server 2008 and the client
computers run either Microsoft Windows XP Professional SP2 or Microsoft Windows Vista. The
ABC.com network has a domain controller named ABC-DC04. The I/O times to read data from
ABC-DC04 have become slower. You suspect that this is a result for fragmentation of the hard
disk. As ABC-DC04 is a domain controller, you decide to defragment the file for Active Directory
database by taking the file offline.
How would you complete the task?
A. By starting ABC-DC04 in the Directory Services restore mode and running the defrag utility.
B. By starting ABC-DC04 in the Directory Services restore mode and running the Ntdsutil utility
C. By stopping the Domain controller service in the Services MMC and running the Ntdsutil utility
D. By stopping the Domain controller service in the Services MMC and running the Defrag utility.
Answer: C
Explanation: You need to stop the Domain Controller service in the Microsoft Management
Console (MMC) and then run the Ntdsutil tool. With this you can do offline defragmentation of the
Active Directory database on ABC-DC04. Furthermore, the other mission critical services can
continue running. You can use the restart feature of AD DS to stop AD DS so that you can perform
the defragmentation of Active Directory objects.
Reference: Superior Identity Management Features in Windows Server 2008 Enterprise and
Windows Server 2008 Datacenter / Directory Services: Active Directory Domain Services
http://download.microsoft.com/download/8/2/f/82fa3808-7168-46f1-a07bf1a7c9cb4e85/WS08%20Identity%20Management%20Features%20White%20Paper_FINAL.doc
36
QUESTION NO: 47
You are the network administrator for your company. Your company decides to uABCrade the
existing Windows Server 2003 computers to Windows Server 2008. You perform a pilot uABCrade
on one of the Windows Server 2003 computers.
Immediately after the successful uABCrade, you restart the server, and open the Reliability
Monitor console to view system stability information. However, the Reliability Monitor does not
display any data in the System Stability Chart.
What could be the cause for this problem?
A.
B.
C.
D.
You have not used valid administrative credentials to log on to the server.
You have not created a Data Collector Set.
Running the Reliability Monitor for the first time on a new server does not display any data.
The server must be running at least 24 hours after installation and restart
Answer: D
Explanation:
QUESTION NO: 48
You are the network administrator for your company. The company network runs on Windows
Server 2008. All the client computers run Windows Vista.
You have a branch office and a main office. You need to monitor all the frames that pass over the
network to a local buffer, regardless of the destination address.
What should you do?
A.
B.
C.
D.
Answer: C
Explanation:
QUESTION NO: 49
You administer your company's network. The network consists of a single Active Directory
domain. All servers run Windows Server 2008, and all client computers run Windows Vista. The
company's written security policy stipulates that employees must use certificates for remote
37
QUESTION NO: 50
You are the network administrator for your company. You have recently installed Windows Server
2008 for your company. You want to create a test network of five subnets that will use IPv6. You
have to create the network in such a way that the client computers on the test network are able to
communicate with each other while ensuring that they cannot access the Internet. In addition, the
addresses used should be unique across all sites within your company.
Which IP address could you use?
A.
B.
C.
D.
0:0:0:0:0:0:0:0
FE80:AB10:2B5C:B000:: /64
FD00:AB10:2B5C:B000::/8
FEC0:AB10:2B5C:B000::/10
Answer: C
Explanation:
QUESTION NO: 51
Your network consists of a single Active Directory domain in which all servers run Windows Server
2008. You are planning a secure remote access infrastructure that includes three servers:
WINNPS: Network Policy Server
38
Answer: C
Explanation:
QUESTION NO: 52
Your organization consists of an IP internetwork that is routed by a multihomed Windows Server
2008 member server that is configured with the RRAS server role. You need to configure a
persistent default route on the server from the command prompt that sends all default traffic out of
the interface with IP address 192.168.1.1. What action should you perform?
Select the best answer.
A. Issue the command route print 192.168.1.0 on the server.
B. Issue the command route -persistent 192.168.1.0 on the server.
C. Issue the command route -p add 0.0.0.0 mask 0.0.0.0 192.168.1.1 on the server.
D. Issue the command route -p add 255.255.255.255 mask 255.255.255.255 192.168.1.1 on the
server.
Answer: C
Explanation:
QUESTION NO: 53
Your organization is planning to migrate from an IPv4 infrastructure to an IPv6 infrastructure. Your
manager is concerned about how IPv6 packets can be routed over the public Internet, especially
to destinations that still use IPv4. What actions should you perform?
Choose TWO. (Each correct answer represents an independent solution.)
A. Deploy the Teredo transition technology in your network.
B. Deploy NAT in your network.
"Pass Any Exam. Any Time." - www.actualtests.com
39
QUESTION NO: 54
Henry is the systems administrator for his company. The company has a total of 20 servers
running Windows Server 2008 Enterprise and 100 workstations running Window Vista. Although
every machine on the network is running antivirus software, one of the users inadvertently
downloaded a Trojan virus which spread through the network to one of the servers. After removing
both the server and the workstation from the network, Henry runs a removal tool and is able to
completely remove the virus from both machine Now, when either machine is booted up, both of
them have the Task Manager option disabled from the Ctrl+Alt+Del screen. When Henry tries to
run the Task Manager from Windows Explorer, it says that the Task Manager has been disabled
by the administrator How can Henry re-enable the Task Manager for the server and the
workstation?
Select the best answer.
A. Henry must open the Local Computer Policy first from the command line. He then needs to go
to Computer Configuration, Administrative Templates, System, Ctrl+Alt+Del Options and disable
the setting that states "Remove Task Manager".
B. Henry must open the Local Computer Policy first from the command line. He then needs to go
to User Configuration, Windows Settings, System, Ctrl+Alt+Del and enable the setting that states
"Enable Task Manager".
C. To re-enable the Task Manager, Henry must open the Local Computer Policy from the
command line. Then, he needs to navigate to User Configuration, Administrative Templates,
System, Crtl+Alt+Del Options and disable the "Remove Task Manager" setting.
D. Henry must re-apply the latest service packs for both Windows Server 2008 and Windows
Vista for the Task Manager to be enabled.
Answer: C
Explanation:
QUESTION NO: 55
Your organization's single Active Directory domain consists of a mixed IPv4/IPv6 environment. All
servers run Windows Server 2008, and all client workstations run Windows Vista. You need to
ping a file server named FS01.BIRCO.LAN that uses an IPv6 address. What actions should you
perform?
Choose TWO. (Each correct answer represents an independent solution.)
40
A.
B.
C.
D.
Answer: B,D
Explanation:
QUESTION NO: 56
You are the network administrator for your company, a large financial institution in Memphis. You
are getting ready to purchase three new servers that will be used to carry out financial audits at
different banking locations. These servers will be placed in a large enclosed case with casters and
wheeled into the different locations to perform the audits. When you get the servers, you will install
Windows Server 2008 Enterprise on all of them. You thought about installing Core Server because
of its inherent security, but you thought against it since it would be more difficult to work on the
servers without a Windows interface. Since the servers will store sensitive information and will be
mobile, you have decided to install BitLocker on all the servers for added security and protection
when they are purchased. You really like the BitLocker feature that prevents stolen hard drives
from being used in other computers in order to steal data. What hardware feature must the servers
come with so that they can implement the BitLocker technology which prevents hard drives from
being used in other computers?
Select the best answer.
A. The servers must have Ultra Wide SCSI-3 support on their backplanes. This will ensure that
BitLocker can communicate between the firmware and the MBR on the first hard drive of the
server.
B. In order for the BitLocker software to check that the hard drives have not been tampered with
or switched out, the servers must have DDR RAM installed. DDR RAM is necessary to keep up
with the speed at which the firmware talks to the hard drives on boot.
C. An EPROM version 2.9 or later chip must be installed on the server motherboards. The chip
stores the OTP passwords used by BitLocker to verify firmware and hardware.
D. You must make sure that the new servers have a TPM version 1.2 or higher chip installed on
the motherboards. This chip checks to make sure that the drive(s) have not been tampered with
while the system is offline.
Answer: D
Explanation:
QUESTION NO: 57
Your organization consists of a single Active Directory domain named Birdco.com in which all
servers run Windows Server 2008. Three of these servers, WSUS01, WSUS02 and WSUS03, are
configured with Windows Server Update Services (WSUS). You need to configure WSUS such
"Pass Any Exam. Any Time." - www.actualtests.com
41
Answer: B
Explanation:
QUESTION NO: 58
Justin is the systems administrator for the University of Southwest Oklahoma. The university's
network is a Windows Server 2008 Active Directory network. All network users are using Microsoft
Exchange 2007. Because of the sensitive information that users send back and forth in email,
many Exchange users are utilizing S/MIME to encrypt their email. To accommodate S/MIME,
Justin has installed an Active Directory Certificate Server. The only problem is that there are many
satellite schools associated with the university that need to use S/MIME as well. Instead of
installing Certificate Authorities at all the satellite schools, Justin has decided to deploy online
responders so clients can check certificate status through HTTP. Periodically, Justin checks the
IIS servers that are working as Online Responders to ensure that they are working properly. From
the servers' log files, Justin can see that most of them are responding with cached answers since
they are receiving so many requests. He can also see that requests are answered very quickly
within a 120 second interval; then requests take longer to answer. Justin knows that the online
responders use ISAPI extension caching, but not in this manner.
What mechanism is caching responses for 120 seconds in order to answer requests quicker?
Select the best answer.
A. Network Load Balancing is being used by the online responders to route requests and cache
responses to provide answers quicker.
B. The IIS HTTP.SYS library is what is being used to cache responses for 120 seconds. The
library file helps to cache responses in addition to the OCSP ISAPI extension caching.
C. The CACHING.XML file, which is installed by default with IIS, handles client requests quickly
by caching responses for up to 120 seconds at a time.
D. The CACHING.SYS library file built into IIS is being used to cache responses for 120 seconds
to respond to requests.
Answer: B
Explanation:
42
QUESTION NO: 60
Your company has recently increased in size, after acquiring another company twice the size. You
have been given the task to set up a cluster in the main datacenter. You have been given the
scope of the project and decided that the cluster will have to consist of eight nodes for high
availability. Which editions of Windows Server 2008 will not be suitable for the eight nodes in the
cluster?
(Choose all that apply.)
A.
B.
C.
D.
Answer: A,D
Explanation:
QUESTION NO: 61
You have been asked to install the first Windows Server 2008 server in the domain. This server
will be for testing purposes, so you will use older hardware with minimum hardware requirements
for Windows Server 2008. You have decided to install a 32-bit edition of Server 2008 Standard
Edition. What is the minimum amount of disk space required to install the Standard Edition of
Server 2008?
A. 8 GB
"Pass Any Exam. Any Time." - www.actualtests.com
43
QUESTION NO: 62
You have recently been transferred to the DNS team at a large multinational company, and are
working feverously learn about DNS. Lately youve been working on the difference between clientto-server and server-to-server queries. Which of the following are true? (Select all that apply).
A.
B.
C.
D.
Answer: A,C,D
Explanation:
QUESTION NO: 63
You are the DNS administrator for a mid-sized organization. As part of the uABCrade process, you
put in a request to transition all DNS services to AD integrated zones. When your manager asks
about the key features involved, what do you tell her? (Select all that apply).
A.
B.
C.
D.
You tell her that AD integrated zones are stored in Active Directory.
You tell her that all zone records are stored as AD objects and have object level security.
You tell her that it enables secure dynamic updates.
You tell her that replication is much more efficient and secure.
Answer: A,B,C,D
Explanation:
QUESTION NO: 64
The Web development team has requested that you implement a new Web server in a DMZ that
will be used for presenting Web sites to customers. Which of the following is NOT a reason for
using Windows Server 2008 Core Server?
A. A Core installation does not require a Windows Server 2008 license.
B. A Core installation does not provide GUIs, which limits console access.
C. Core Server installs fewer services than a full installation of Windows Server 2008.
"Pass Any Exam. Any Time." - www.actualtests.com
44
QUESTION NO: 65
You have a Windows Server 2003 R2 domain currently running in your organization. You would
like to install a read-only domain controller into your Directory Services structure, but you do not
want to completely uABCrade your domain to Windows Server 2008 Directory Services just yet.
What do you need to do in order to add an RODC?
A. Change the domain functional level to Windows Server 2008 mixed mode.
B. Change the forest functional level to Windows Server 2008 mixed mode.
C. Run adprep on a Windows Server 2003 R2 domain controller.
D. An RODC cannot be added until the entire domain is a Windows Server 2008 Directory
Services domain.
Answer: C
Explanation:
QUESTION NO: 66
You are engaged in an exercise that is meant to demonstrate the Public-Key Cryptography
Standards (PKCS) used in modern encryption. You arrive at a portion of the exercise which
outlines the encryption of data using the RSA algorithm. Which of the following PKCS does this
exercise address?
A.
B.
C.
D.
PKCS #5
PKCS #1
PKCS #8
PKCS #9
Answer: B
Explanation:
QUESTION NO: 67
You are the administrator of your companys Windows Server 2008-based network and are
attempting to enroll a smart card and configure it at an enrollment station. Which of the following
certificates must be requested in order to accomplish this action?
A. A machine certificate.
"Pass Any Exam. Any Time." - www.actualtests.com
45
QUESTION NO: 68
You are the domain administrator for your company. Your network consists of multiple DCs at
multiple sites. A DC at your local site is having problems with replicating. You need to know when
this DC last attempted to perform an inbound replication on the Active Directory partitions. How
would you accomplish this?
A.
B.
C.
D.
Answer: D
Explanation:
QUESTION NO: 69
You are the domain administrator for your company. At your site you have a single DC that also
acts as an application server. From 10:00 a.m. to 4:00 p.m., users complain about slow logons to
the network and that accessing resources from this DC is incredibly slow during most of the
workday. You log on to the DC, pull up the Task Manager, and notice that a process called
CustApp.exe is using just more than 90% of the CPU cycles. The application must remain running
during the day, but you also need to resolve the slow logon issues.
There is no money in the budget for additional hardware. What is the best way to handle this
situation?
A. Go into the Windows System Resource Manager on the DC, and create a new recurring
calendar event to start at 8:00 a.m. and end at 5:00 p.m. daily. Associate the event with the
Equal_ Per_ Process policy.
B. Go into the Task Manager and into the Processes tab. Find CustApp.exe and set the priority to
Below Normal.
C. Go into the Task Manager and into the Process tab. Find CustApp.exe and end the process.
D. Purchase a second server to run only the CustApp.exe application
Answer: A
Explanation:
46
QUESTION NO: 71
Youve just taken over the domain-level administration for a mid-size company. The previous
administrator did not use group policy software deployment. You have just configured and tested
your first published application to users. The application was designed to be used by all users in
the accounting department. You created the software distribution point and copied the installation
files over to it. You then created the GPO and linked it to the AcctgUsers OU, which contains all
user accounts for the department. When the users log on to their computers, the application is
visible in Control Panel | Add or Remove Programs, but when users attempt the installation it fails.
When you log on from a computer in accounting, you are able to access the installation files and
run them manually. Which one of the following is most likely the problem?
A.
B.
C.
D.
Answer: B
Explanation:
QUESTION NO: 72
Your company, mycompany.com, is merging with the yourcompany.com company. The details of
the merger are not yet complete. You need to gain access to the resources in the
yourcompany.com company before the merger is completed. What type of trust relationship
should you create?
A. Forest trust
B. Shortcut trust
"Pass Any Exam. Any Time." - www.actualtests.com
47
QUESTION NO: 73
You recently completed a merger with yourcompany.com. Corporate decisions have been made to
keep the integrity of both of the original companies; however, management has decided to
centralize the IT departments. You are now responsible for ensuring that users in both companies
have access to the resources in the other company. What type of trust should you create to solve
the requirements?
A.
B.
C.
D.
Forest trust
Shortcut trust
External trust
Tree root trust
Answer: A
Explanation:
QUESTION NO: 74
You need to set up a network in the lab for a training class. You want to isolate the lab network
from the rest of the corporate network so students dont inadvertently do something that takes the
entire network down. What IP addressing method would you use?
A.
B.
C.
D.
Answer: D
Explanation:
QUESTION NO: 75
You have a growing network that originally was configured using the private Class C address
space. However, youre now about to grow beyond the maximum number of devices and need to
expand but you dont anticipate needing more than a total of 290 addresses. What action would
you take to solve this problem that would create the least disruption to your network?
A. Install a router. Create two new scopes on your DHCP Server and reassign IP addresses.
"Pass Any Exam. Any Time." - www.actualtests.com
48
QUESTION NO: 76
You are asked by your employer to set up a LAN using Windows 2008 Server RRAS. Which of
these types of routing algorithms or protocols cannot be used to organize the signal flow between
the devices in the network, according to the supported Windows Server 2008 features?
A.
B.
C.
D.
RIP
RIP2
OSPF
None of the Above
Answer: C
Explanation:
QUESTION NO: 77
You are working with a server running the RRAS that is configured for the Windows authentication
provider. You have administered several policies from RRAS to the server. Which of the following
connection settings cannot be validated before authorization occurs by the policies you set up?
A. Advanced conditions such as access server identity, access client phone number, or MAC
address.
B. Remote access permission.
C. Whether user account dial-in properties are ignored.
D. None of the above.
Answer: D
Explanation:
QUESTION NO: 78
The NAP Health Policy Server is responsible for storing health requirement policies and provides
health state validation for the NAP Infrastructure. What Windows Server 2008 roles have to be
installed for the NAP Health Policy Server to be configured?
A. Active Directory Domain Role
B. NPS Server Role
"Pass Any Exam. Any Time." - www.actualtests.com
49
QUESTION NO: 79
You have decided to implement NAP into your existing network. During the design, you need to
make a decision as to how the Restricted Network will be secured from the Remediation Network.
Given the options below, which one(s) would work in this scenario?
A.
B.
C.
D.
Answer: A,C,D
Explanation:
QUESTION NO: 80
Yancey is the systems administrator for his company. The entire company's network consists of
one 2008 Active Directory domain, with 20 servers running Windows Server 2008, and 250
workstations running Windows Vista. Of the 20 servers, 4 of them hold the operations master
roles. SVR1 holds the schema master and domain naming master role. SVR2 holds the RID
master role. SVR3 holds the infrastructure master role. SVR4 holds the PDC emulator role. One of
Yancey's junior administrators is planning to take SVR2 down for maintenance over a two day
span. During that same time, another junior administrator is scheduled to add a number of user
accounts to the domain for recently hired employees. Yancey needs to make sure that the junior
administrator can add user accounts to the domain while SVR2 is down and also that user account
creation will be possible after SVR2 is brought back online. What does Yancey need to do to
accomplish this?
Choose TWO.
A.
B.
C.
D.
Answer: A,B
Explanation:
50
QUESTION NO: 82
You are the systems administrator for your company. The network contains an Active Directory
Lightweight Directory Services (AD LDS) server that runs Windows Server 2008. The AD LDS
server provides directory services to various applications.
You are required to manage AD LDS directories. Which three tools can you use? (Each correct
answer presents a complete solution. Choose three.)
A. Dsamain.exe
B. Active Directory Sites and Services
"Pass Any Exam. Any Time." - www.actualtests.com
51
QUESTION NO: 83
You are the systems administrator for your company, a plastic container manufacturer and
distributor. The company's network consists of a single Active Directory forest. The network
contains an Internet Information Services (IIS) server that hosts a Web application that allows
users to purchase your company's products online.
Your company has a partner organization, a graphic design firm that designs your company's
products. The partner company has its own Active Directory forest. You are required to enable
users in the partner organization to access your Web application without being prompted for
secondary credentials.
Which Windows Server 2008 server role should you install in your network to provide Web-based
Single-Sign-On (SSO) capabilities to users in the partner organization?
A.
B.
C.
D.
Answer: B
Explanation:
QUESTION NO: 84
You are the network administrator for your company. All servers on the company's network run
Windows Server 2008. You are required to install a Dynamic Host Configuration Protocol (DHCP)
server on the network to enable client computers on the network to obtain IP address
automatically from the DHCP server.
You want to ensure that when you install the DHCP server, the server is automatically authorized.
What should you do?
A. Install the DHCP server on a server that is member of the domain.
B. Install the DHCP server on a stand-alone server.
C. Install the DHCP server on the domain controller.
D. Install the DHCP server on a member server and the DHCP Relay Agent on the domain
controller.
52
QUESTION NO: 85
You are the systems administrator for your company. The company's network consists of a single
Active Directory domain. All domain controllers run Windows Server 2008, and all client computers
run Windows Vista. You have a public key infrastructure that has a subordinate enterprise
Certification Authority (CA), which issues certificates on behalf of the root CA.
You have a certificate template that allows users to autoenroll, and a group policy object that
distributes the certificates to users. All users are able to automatically obtain certificates. You now
want routers and other network devices are able to obtain certificates from the CA.
What should you do?
A. Assign the routers and network devices the Autoenroll permission in a certificate template.
B. Change the Publish Delta CRL to 1 hour so expired certificates for routers and network devices
are published in Active Directory.
C. Install the Online Certificate Status Protocol (OCSP) role service for AD CS.
D. Install the Microsoft Simple Certificate Enrollment Protocol (MSCEP) role service for AD CS.
Answer: D
Explanation:
53