MCTS: WINDOWS SERVER 2008 70-642 Q&A
®
Pierre Askmo, dti Publishing
Course Technology PTR A part of Cengage Learning
Australia, Brazil, Japan, Korea, Mexico, Singapore, Spain, United Kingdom, United States
MCTS: Windows® Server 2008 70-642 Q&A Pierre Askmo, dti Publishing
Publisher and General Manager, Course Technology PTR: Stacy L. Hiquet Associate Director of Marketing: Sarah Panella Manager of Editorial Services: Heather Talbot Marketing Manager: Mark Hughes Acquisitions Editor: Megan Belanger Project/Copy Editor: Kezia Endsley
© 2009 dti Publishing ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher.
For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706 For permission to use material from this text or product, submit all requests online at cengage.com/permissions. Further permissions questions can be e-mailed to
[email protected].
PTR Editorial Services Coordinator: Jen Blaney
All trademarks are the property of their respective owners.
Interior Layout Tech: Bill Hartman
Library of Congress Control Number: 2008941544
CD-ROM Producer: Brandon Penticuff
ISBN-10: 1-59863-896-3
Cover Designer: Mike Tanamachi Proofreader: Sandy Doell
ISBN-13: 978-1-59863-896-7
eISBN-10: 1-43545-452-9 Course Technology, a part of Cengage Learning 20 Channel Center Street Boston, MA 02210 USA
Cengage Learning is a leading provider of customized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at: international.cengage.com/region.
Cengage Learning products are represented in Canada by Nelson Education, Ltd.
For your lifelong learning solutions, visit courseptr.com. Visit our corporate Web site at cengage.com.
Printed in Canada 1 2 3 4 5 6 7 12 11 10 09
ACKNOWLEDGMENTS
I
want to thank and recognize the dti Publishing team that made this book possible—Joe Celona and Joey Celona Jr. for their irreplaceable contributions to the formulation of the questions. Robert Miller should be recognized for his patient and hard work on the entirety of the texts and thanks to John Macomber and Anne-Marie Suckley for their very dedicated efforts in building and compiling the companion CertBlaster software on the CD.
ABOUT
P
THE
AUTHOR
resident and founder of dti Publishing Corp., Pierre Askmo has extensive experience in the IT certification field. He is the designer of the dtiMetrics™ assessment system. Mr. Askmo’s deep involvement in the IT industry is testified to by his early days’ involvement as a Cornerstone Founding Partner of the A+ Certification program at the Computing Technology Industry Association (CompTIA). Mr. Askmo went on to sit on the A+ Executive committee that designed the A+ certification program and to participate in the Network+ and Server+ Advisory panels. As a former member of the IT Skills Curriculum Group of the U.S. Department of Labor, Mr. Askmo contributed to define the mix of skills deemed necessary to succeed in the IT professions. Mr. Askmo has co-authored the Thomson Course Technology book A+ Q & A, and in 2004 was a co-author with Robert Miller of the book Network+ Certification (Prentice Hall). Mr. Askmo is also an item writer for IT certifications and has worked on CertBlaster test preparation titles for MCSE, MCSA, and now MCTS and MCITP. Mr. Askmo is also the designer of the new powerful and user-friendly dtiMetrics™ assessment system solution that helps students master essential computer concepts and prepare for IT certification.
This page intentionally left blank
CONTENTS Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
PART I: PREPARING FOR THE TEST CHAPTER 1 Understanding Exam 70-642: The Microsoft (MCP) Program . . . . . . . . . . . . . . . . . . . . . Who Is the 70-642 Exam Intended For? . . . The Exam Objectives . . . . . . . . . . . . . . . . . Summary . . . . . . . . . . . . . . . . . . . . . . . . . .
Certified Professional ................. ................. ................. .................
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .
CHAPTER 2 Exam Strategies and Tactics . . . . . . . . Signing Up for the Test . . . . . . . . . . . . At the Testing Center . . . . . . . . . . . . . The Exam . . . . . . . . . . . . . . . . . . . . . . Test Taking Strategies . . . . . . . . . . . . . Common Question Types . . . . . . . . . . Using CertBlaster for Test Preparation . Summary . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
.7 .7 .8 .9 .9 10 12 17
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
3 4 5 6
PART II: PRACTICE TESTS CHAPTER 3 Configuring IPv4 and IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Test Preparation Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 CHAPTER 4 Configuring Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Test Preparation Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 CHAPTER 5 Configuring Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Test Preparation Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
v
vi
MCTS: Windows Server 2008 70-642 Q&A
CHAPTER 6 Configuring File and Print Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Test Preparation Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 CHAPTER 7 Monitoring and Managing a Network Infrastructure . . . . . . . . . . . . . . . . . . . . 163 Test Preparation Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
PART III: ANSWERS TO PRACTICE TESTS ANSWERS FOR CHAPTER 3 Configuring IPv4 and IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
ANSWERS FOR CHAPTER 4 Configuring Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 ANSWERS FOR CHAPTER 5 Configuring Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 ANSWERS FOR CHAPTER 6 Configuring File and Print Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 ANSWERS FOR CHAPTER 7 Monitoring and Managing a Network Infrastructure . . . . . . . . . . . . . . . . . . . . 233
PART IV: SUPPLEMENTARY INFORMATION APPENDIX A Exam Objectives for MCITP: Server Administrator . . . . . . . . . . . . . . . . . . Skills Measured for Exam 70-640: Windows Server 2008, Active Directory Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Skills Measured for Exam 70-642: Windows Server 2008, Active Directory Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Skills Measured for Exam 70-646: Windows Server 2008, Server Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 243 . . . . 243 . . . . 246 . . . . 248
Contents APPENDIX B Exam Objectives for MCITP: Enterprise Administrator . . . . . . . . . . . . . . . Skills Measured for Exam 70-640: Windows Server 2008 Active Directory, Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Skills Measured for Exam 70-642: Windows Server 2008 Active Directory, Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Skills Measured for Exam 70-646: Windows Server 2008, Server Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Skills Measured for Exam 70-620: Windows Vista, Configuring . . . . . . . . . Skills Measured for Exam 70-624 MCTS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops . . . . Skills Measured for Exam 70-647: Windows Server 2008, Enterprise Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vii
. . . . 251 . . . . 251 . . . . 254 . . . . 256 . . . . 257 . . . . 258 . . . . 259
APPENDIX C Installation Instructions for CertBlaster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
INTRODUCTION W
elcome to MCTS: Windows Server 2008 70-642 Q&A. It is the exam preparation guide to help you pass Microsoft’s exam 70-642, which is one of three core exams in the Windows Server 2008 certification program. This book is aimed strictly at test preparation and review and includes review questions covering all exam 70-642 objectives, including: ■ ■ ■ ■ ■
Configuring IPv4 and IPv6 Configuring name resolution Configuring network access Configuring file and print services Monitoring and managing a network infrastructure
This book also incorporates four full practice exams on the powerful CertBlaster test prep and exam simulation software on the CD (for installation instructions, see Appendix C). Before you study this text, you should start by using the CertBlaster test prep software for one exam in Assessment mode. This will yield, after the test, a “Personal Study Plan” (PSP) that will tell you which exam objectives you need to focus on. If the PSP tells you that you need to study it all, so be it; it is still not a waste of time (more on CertBlaster in Chapter 2). Note that the chapters in this book are organized per main exam objective. Chapters 3 through 7 cover successively the main objectives seen in the previous list.Therefore, if the PSP directs you to just focus on a few objectives, you can easily zoom in on them in this book because of the way it is structured. If this book and the CertBlaster software are your only tools for preparing for this exam, you better be quite experienced or be in a class that covers the actual foundational knowledge required for the 70-642 exam.This book will help prepare the knowledgeable. It doesn’t teach the relevant content; it helps you prepare and take the exam. If you are on your own preparing for this exam and need additional material, check out Configuring Windows Server 2008 Network Infrastructure, by Tony Northrup and J.C. Mackin (published by MS Press). Good luck!
viii
Part I
PREPARING FOR THE TEST
This page intentionally left blank
CHAPTER
1
UNDERSTANDING EXAM 70-642: THE MICROSOFT CERTIFIED PROFESSIONAL (MCP) PROGRAM T
he MCP program has, over the years, seen many evolutions and today has grown into a complete, complex, and mature program. Currently the MCP includes a multitude of distinct tracks, although this book does not cover them all. Instead, it covers the certifications related to exam 70-642. Here are the MCTS and MCITP tracks: ■ ■
MCITP stands for Microsoft Certified Information Technology Professional MCTS stands for Microsoft Certified Technology Specialist
“Professional” ranks higher in the Microsoft certification hierarchy than “Specialist.” All the newer exams are prefaced by the “TS” for Technology Specialist or “PRO,” obviously for Professional, as in Information Technology Professional. The Microsoft Certified Technology Specialist (MCTS) is someone who has completed at least one MCTS exam.The MCTS denotes an individual who has demonstrated skills and knowledge of one product and is thus product specific. The Microsoft Certified Information Technology Professional (MCITP), on the other hand, is someone who has completed a suite of MCTS exams, determined by Microsoft. The MCITP denotes an individual who has demonstrated skills and knowledge over a group of Microsoft products. These product groupings are organized by Microsoft to reflect a well-defined IT job. The MCTS has knowledge about a specific product, whereas the wider-reaching MCITP has competence in a professional area (see Figure 1.1). You are studying this book to prepare for one or more of the following Microsoft certifications: ■ ■ ■
MCTS: Windows Server 2008 Network Infrastructure, Configuring MCITP: Server Administrator MCITP: Enterprise Administrator
To be an MCTS for Windows Server 2008 Network Infrastructure, Configuration, you need to successfully sit for exam 70-642. Using exam 70-642 to become an MCITP opens up two possibilities.You can become an MCITP: Server Administrator or an MCITP: Enterprise Administrator. The MCITP: Server Administrator requires that you pass three exams.You will need to pass two Microsoft Certified Technology Specialist (MCTS) exams, what Microsoft refers to as prerequisite exams, and you will also need one Professional Series exam.
3
1
4
MCTS: Windows Server 2008 70-642 Q&A Figure 1.1 The MCITP versus the MCTS.
The three exams are: ■
■
■
Exam 70-640, which earns you MCTS: Windows Server 2008 Active Directory, Configuration Exam 70-642, which earns you MCTS: Windows Server 2008 Network Infrastructure, Configuration Exam 70-646, which earns you PRO: Windows Server 2008, Server Administrator
The MCITP: Enterprise Administrator requires that you pass five exams (the three required for the MCITP: Server Administrator, plus two others): ■
■
■
■
■
MCTS Exam 70-640, which earns you Windows Server 2008 Active Directory, Configuration MCTS Exam 70-642, which earns you Windows Server 2008 Network Infrastructure, Configuration MCTS Exam 70-643, which earns you Windows Server 2008 Applications Infrastructure, Configuring Either Exam 70-620, MCTS: Windows Vista, Configuring or Exam 70-624, MCTS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops PRO Exam 70-647, Windows Server 2008, Enterprise Administrator
WHO IS
THE
70-642 EXAM INTENDED FOR?
According to Microsoft, the MCTS for Windows Server 2008 Network Infrastructure, Configuration exam is a credential aimed at IT professionals working in a computing environment of medium- to large-size companies.The MCTS candidate is expected to have a minimum of one year of experience implementing and managing a network operating system in an organization with the following characteristics: ■ ■ ■
Approximately 250 to 5,000 users A minimum of three physical locations A minimum of three domain controllers
Chapter 1 ■
■
Understanding Exam 70-642: The MCP Program
5
The typical services found on this type of network, such as messaging, a database, file and print, a proxy server, a firewall, the Internet, an intranet, remote access, and client computer management The typical connectivity requirements found on this type of network, such as connecting branch offices and individual users in remote locations to the corporate network and corporate networks connected to the Internet
As you can see, Microsoft expects you to have experience with a fairly complex computing environment. Having experience using these technologies is a necessary but probably not sufficient requirement. In fact, in a small way, your experience can at times get in the way of exam success. This is because some of the solutions implemented in the field, even though they work well or are fast and efficient, are not always the “correct answer” on the test. Having said that, experience will be useful more often on the exam than it will be a hindrance. If you are short on experience, you will have to make it up with training, alone or in a classroom.
NOTE If you are on your own preparing for this exam and need additional material, check out the book, Configuring Windows Server 2008 Network Infrastructure by Tony Northrup and J.C. Mackin (published by MS Press). This book covers all the exam objectives effectively and, to deepen your understanding of the subject, includes case scenarios, exercises, and best practices. For more training resources, check out Microsoft’s website at http://www.microsoft.com/learning/en/us/exams/ 70-642.mspx. If by the time you enter this link, it has been moved or does not work anymore, just go to www.microsoft.com and type 70-642 in the Search field.
THE EXAM OBJECTIVES Exam 70-642 is made up of the five following main objectives: ■ ■ ■ ■ ■
Configuring IPv4 and IPv6 Configuring name resolution Configuring network access Configuring file and print services Monitoring and managing a network infrastructure
Each of these has between four and six sub-objectives. Making sure you familiarize yourself with these objectives will help you in laying out your exam preparation strategy (see Chapter 2). The main point in understanding these objectives is that doing so will enable you to make your own decisions as to what is central and what is peripheral to your preparation for exam 70-642.
1
6
MCTS: Windows Server 2008 70-642 Q&A
Main Objective 1: Configuring IP Addressing and Services This first main objective has been given a relative weight of 24% (out of the five main objectives) by Microsoft. The relative weight is a numerical way to represent the relative importance of the objective, which typically translates in approximate number of questions on the exam. Assuming your exam consists of a total of 55 questions, it is reasonable to expect that this objective would be reflected in about 13 of those questions. For a detailed description of the issues covered in this objective, see Appendix B.
Main Objective 2: Configuring Name Resolution This second main objective has been given a relative weight of 27%, so if your exam consists of 55 questions, it’s reasonable to expect that this objective will be represented in about 15 of those questions (.27 × 55). For a detailed description of the issues covered in this objective, see Appendix B.
Main Objective 3: Configuring Network Access This third main objective has been given a relative weight of 22%. If you assume your exam consists of a total of 55 questions, this objective would be represented in about 12 of those questions. For a detailed description of the issues covered in this objective, see Appendix B.
Main Objective 4: Configuring File and Print Services This objective has a relative weight of 13%, which means it would be represented in about seven of 55 total questions. For a detailed description of the issues covered in this objective, see Appendix B.
Main Objective 5: Monitoring and Managing a Network Infrastructure This fifth and final main objective has a relative weight of 14%. Expect it therefore to consist of about eight questions. For a detailed description of the issues covered in this objective, see Appendix B.
SUMMARY As you have seen here, Microsoft expects you to have experience from a fairly complex computing environment. In addition to coming to the exam with this experience, make sure to study the exam objectives until you really understand their context and you understand not only why they are selected but also how one objective relates to another. Understanding the spirit in which the exam is constructed will help you focus your studies for maximum efficiency. If you are planning to prepare on your own for this exam and need additional material, I recommend Configuring Windows Server 2008 Network Infrastructure by Tony Northrup and J.C. Mackin (published by MS Press). This book covers all the exam objectives effectively and, to help you deepen your understanding of the subject, it includes case scenarios, exercises, and best practices.
CHAPTER
2
EXAM STRATEGIES AND TACTICS T
aking an exam is always a stressful experience so I have put together this chapter to help you minimize your stress and maximize your meaningful preparations. The first and best way to minimize the impact of stress is through knowledge—knowledge of the exam topic, knowledge of the exam format and finally, knowledge of the question types.The second best way to alleviate stress is through preparation. Preparation happens through careful planning and practice, practice, and then some more practice! So this chapter contains a few tidbits and some guidance on how to prepare.
SIGNING UP
FOR THE
TEST
To take the test, you need to buy a voucher (the cost is $125.00 at the time of this printing) and schedule your date.To do that, go to www.prometric.com and click on For Test Takers, as you can see in Figure 2.1. By the time you get there these pages may have changed but the idea should be more or less the same. Figure 2.1 Click on For Test Takers to sign up for the test.
This takes you to the next screen, where you use the drop-down menus to select Information Technology (IT) Certification and Microsoft, as shown in Figure 2.2. Once your selection is done, click GO. From the next screen, choose Schedule, Reschedule, Cancel, or Confirm an Exam. Next you can either Locate a Test Site or Schedule an Appointment; either one eventually gets you to the same steps of registering for the exam, selecting a time and date, and making payment (or if you have a paid voucher you will find a place to enter the voucher code).You will need a credit card to do the entire transaction online. If you do not have a credit card, you can mail in your payment but you will then have to wait for it to clear before booking your exam date.
7
2
8
MCTS: Windows Server 2008 70-642 Q&A Figure 2.2 Use the drop-down menus to find the right testing program.
AT
THE
TESTING CENTER
When you signed up, the program suggested a testing location (or several) to you. Make sure to leave yourself more time than you think it may take you to get there. Factors such as traffic or your unfamiliarity with the testing center area can add quite some time to your trip, and the last thing you need on exam day is a bunch of extra stress! When you arrive at your destination, you will need to sign in with the exam coordinator. He or she will ask you to show two forms of ID, with at least one of them being a government-issued photo ID. If you are really early and have some time to kill before your scheduled time, you can use your laptop to take the CertBlaster exams in Flash mode.This mode simulates flash cards where you press the spacebar to see the question, press it again to see the answer, and so on. Once you are signed in and your scheduled time is upon you, you will be asked to leave behind any and all books, bags, and anything else you brought (this is because all Microsoft Certification exams are completely closed book). After that you will be led into a closed examination room.
NOTE Although rare, every so often the exam software or the machine will crash. If that happens, remain calm; you will not be penalized. Call the exam coordinator and he or she will reboot the machine and relaunch the exam software. The program will “remember” your score, where you were, and how much time you have left. Resume calmly as if nothing happened.
All Prometric exams in general and all Microsoft exams in particular are computer based.You are not allowed to bring anything of your own into the testing room, but the exam coordinator will provide you with a sheet of paper and a pen.You will be given an opportunity to take a sample exam before the actual exam.You should take it to make sure you are comfortable with all the navigation features of the exam software (your CertBlaster is pretty close to it but not identical in all respects).You can take it more than once, but it’s questionable whether that would be an efficient use of your time. Once you are ready, tell the exam coordinator and you can now start your exam. It’s the moment of truth!
Chapter 2
Exam Strategies and Tactics
9
THE EXAM Always assume that the test will be harder and more stressful than you expect it to be; typically this is what most candidates feel once they sat for this test. This means prepare a lot, test yourself, and then prepare a lot more. In order to pass the test and thus get certified, you need to score 700 out of 1,000.The number of questions will vary, but for this one assume you’ll be given about 50–55 questions; it can be a bit less or a bit more. Say you have 50 questions on the exam, with a required score of 700 out of 1,000; you would figure that 35 correct (70% of 50) will guarantee a win. Wrong. Each question is individually weighted. So, one person might miss 16 questions and pass while another could arguably miss only 13 and fail. Some questions are multi-part and assigned partial credit.What this means is—never relax during the exam by assuming you got 35 correct and are home free. Since you don’t have the key to the weight given to each question, you don’t know what the exact cutoff is on your exam until you get the results. For this exam you will likely be facing a “fixed length” exam although you could also see a “shortform test.” At the time of printing of the book, Microsoft did not offer the adaptive testing for this exam so we are not going to elaborate on that format here. ■
■
In the fixed-length test you will be facing 50 to 70 questions, typically 50–55. All questions in this format (as well as in the short form test) enable you to mark the questions for review (from the check box in the top-left corner of the exam software). This allows you to return to a question as many times as you need (restricted by the time left on your exam, of course). I’ll discuss how to best use this feature later in this chapter. The short-form test has 25 to 30 questions with navigation features identical to the ones for the fixed-length format.
TEST TAKING STRATEGIES There is no silver bullet when it comes to test taking.There are probably as many test taking strategies as there are test takers out there. In the following sections, I list a couple of strategies that have served a lot of candidates well, including this author.
Circle In This strategy involves four major steps: 1. Go through the entire test quickly and answer all the “easy” ones. 2. Answer all the ones where you think you know the answer within a few seconds. If you are not sure, mark these for review. 3. For any questions where you draw a blank, mark these for review and do not answer them. 4. Circle back to all the questions marked for review. Your goal here is to identify the questions you need more time with and review those over and over again until you are done.You should skip any question when you do not immediately know the answer.When you do this (that is skip in the first run through), don’t mark any of the answers so as to not lead yourself down the potentially wrong path when you revisit them. Now, of course you do click answers for any and all questions you are confident about.
2
10
MCTS: Windows Server 2008 70-642 Q&A
Next if you are not sure about the answer, mark it for review (check the box on the top-left corner of the exam software). Afterwards, go back and re-read these questions to make sure you answered them correctly. By the end of the test, you might very well have circled back to some of the questions three to four times before you answer them. This will allow you to answer more questions with a high degree of confidence.An additional benefit of this method is that your brain doesn’t stop working on a question just because you are skipping to the next. Sometimes what seems insolvable on the first look becomes easy several minutes later on a second look. Finally, on occasion you will discover that a related or unrelated question that you read later may jog your memory and make it easier to answer a question you initially had a hard time with.
The Rake Some candidates prefer to answer every question the first time around and just mark for review (check the box in the top-left corner of the exam software) the ones they feel uncertain about.The idea is that this way you will be sure to have an answer for every question even if you run out of time.The risk with this strategy is of course that you let yourself get stuck on a couple of hard ones and still run out of time.
NOTE In the last minutes of the test, answer all; answer anything!
Whatever you do, when the end nears, make sure to check an answer, any answer at all. The reason for this is twofold—there are no minus points for incorrect answers and most questions are multiple choice. If you have a question with one correct answer out of four alternatives, you have a 25% chance to get it right even if you have absolutely no idea what the question is about. Now, assume you have four of those questions left and some 30 seconds to go.You now have a statistical probability that you will get one extra correct answer out of answering all of those A or B, or whatever. If you are unlucky, it could still be zero; if you are lucky it could even give you two correct, which could be the difference between failure and success on exam day. What is guaranteed, however, is that if you don’t answer these at all, you will get zero points on those questions.
COMMON QUESTION TYPES The most prevalent question type you will encounter on this exam is the multiple choice question with one or more correct alternatives. When it is a multiple choice single answer with four alternatives, you will typically have two or more obviously wrong alternatives and two credible answers, one of which is correct. If you know the answer, no problem; click it and move on. If you are uncertain and can see the two plausible ones, you now have narrowed it down to a 50% chance of getting it right, so make sure you click one of the two before it is too late. In this situation you can always mark it for review.When you are ready to answer the question, just click on the radio button next to the answer you want to choose.
Chapter 2
Exam Strategies and Tactics
11
The most important thing to remember on a multiple choice question is to read the entire stem very carefully, word by word. If the answer seems really obvious to you, great, but make sure to look out for any negatives, double negatives, or any other twists so you don’t fall into any obvious traps. A good tactic is to read the question and then try to come up with the answer before looking at the answer alternatives; sometimes this may keep you from being influenced by a smart distracter. Always look for clues in the stem; sometimes the way it is written will help you rule out one or more of the distracters if you just read it carefully enough. Figure 2.3 shows an example of a typical multiple choice question (note the negative in this one). Figure 2.3 A typical multiple choice exam question, with the use of a negative.
Another common question type is the “list and reorder” type of questions (you will see quite a few of those in the CertBlaster as well). The way these work is that you are given a set of items in a random order and asked to list them in the correct order. The way the Prometric exam software does this is to place the items in one of two frames separated by a column on which you will find controls. Click to highlight the item you think should be first on the list; then click the Add button or the arrow in the middle, and the item will be placed first in the second frame. Repeat this procedure with the other items until you have no items remaining in the right column. Figure 2.4 shows an example of the list and reorder window. Figure 2.4 An example list and reorder window.
“Create a tree” is another question format you are likely to face on the exam. Just as in the “list and reorder” question type, you will see two columns and you will be asked to organize the information.You are asked to organize the information along a hierarchy. To move an entry from the list to the desired location in the tree, you need to select the relevant tree node by clicking it, select the entry you want to move, and then click the Add button. As soon as you add an entry to a tree node, it appears with a + sign to the left of the node name.You can click it to expand the node and see the entries you have added. If you want to move any entry, just select it and click it and then click the Remove button.
2
12
MCTS: Windows Server 2008 70-642 Q&A
Another common question type is “drag and drop.” This question format requires you to drag a label to its correct spot, either in a table or in a graphic.You will simply click the item, drag to the desired spot, and let go of the mouse. If you made an error, you can click Reset if available or just re-drag and drop the item. Figure 2.5 shows an example where you must drag the labels in the left column to the Description column. This example is actually a variant of a list and reorder type question. Figure 2.5 The drag and drop type question, where you drag a term from one column to its match in the other column.
USING CERTBLASTER
FOR
TEST PREPARATION
Software-based test preparation is really important when it comes to MCP exams because they are all taken on the computer at the testing center. If this is your first Microsoft exam, then CertBlaster can be crucial as it will put you in the situation and familiarize you with the navigation and other important features. However, even if you’re a seasoned Microsoft test taker, it will still be very useful for you to use CertBlaster to gauge, among other things, how you do within the given time limit specifically on this exam topic. The home screen in CertBlaster contains the exams and the drills you have access to. The upper half of that screen contains the exams, as shown in Figure 2.6. The lower portion contains the drills, one per Microsoft exam objective, as shown in Figure 2.7. The exams consist of 50 questions, each drawn from the drills. A drill is a test bank that contains questions exclusively focused on one exam main domain. As an example, Exam 70-642 contains five main domains; therefore, you will find five drills in the 70-642 CertBlaster. Drill one will have
Chapter 2
Exam Strategies and Tactics
13
Figure 2.6 The top half of the CertBlaster home screen.
2 Figure 2.7 The bottom half of the CertBlaster home screen.
questions mapped to main domain one (Configuring IPv4 and IPv6). Furthermore, each main domain is assigned a weight in the overall certification; the value of that weight determines the number of questions available in each drill. Finally, the Exams pull questions from the drills in numbers reflecting the relative weight of the objectives. The CertBlaster test preparation software helps you study, cram, and simulate the exam. It has four modes: ■ ■ ■ ■
Assessment mode Study mode Flash mode Certification mode
Step 1: Assessment Mode and How It Is Personally Customized In assessment mode you are presented with a set number of questions aimed at offering a representative sample of the types of questions you’ll encounter on the exam.The assessment mode offers a time setting where you only see the questions and are expected to answer them as best you can. The main reason to take a test in assessment mode is of course to get a sense of where you stand. For that reason, CertBlaster’s assessment mode enables you to save or print your customized “Personal Testing Plan” (PTP), which is generated by CertBlaster based on your responses during the test. It will list the exam objectives and sub-objectives you need to revisit in order to perfect your exam preparation.This book’s chapter names (from Chapter 3 and up) are the main domains of the exam.The sub-objectives are listed underneath each question and typically appear in increasing order. Figure 2.8 shows an example. Figure 2.8 shows question number 86; the way you know which chapter it belongs to is by looking at the last line, which lists the exam number and then 1.3. This stands for Microsoft main domain 1 (Configuring IPv4 and IPv6) sub-objective 3 (Configure Routing).
14
MCTS: Windows Server 2008 70-642 Q&A Figure 2.8 The objectives are listed underneath each question and typically appear in increasing order.
This is why it will always be easy to go back to this book, PTP in hand, and find out which area you need to review. However, as I said in the Introduction, this is not a book where you learn the skills necessary for this exam; for that you will need a study guide. A good one is obviously Microsoft’s very own training kit.The PTP also includes for each question you missed, chapter and page references back to MCTS Self-Paced Training Kit (Exam 70-642): Configuring Windows Server® Network Infrastructure.
Step 2: Study Mode In study mode, you will be exposed to exam type questions in your own relaxing and customized learning environment.You can decide how many questions you want to handle for the sitting, you can take notes as you go through the questions, and you can see the answers and explanations if you so desire. You have unlimited time to do all this so make sure you take your time and give yourself the opportunity to understand why any given answer is correct. I can’t stress enough that rote memorizing is not the way to pass on exam day; comprehension is what stays with you and enables you to navigate successfully through the twists and turns of the question types and content that you are going to face.
Step 3: Certification Mode and How To “Feel” the Exam Without Taking It In certification mode, the exam conditions will be replicated as closely as possible.This means you will get a number of questions, type of questions, and distribution of questions over the different exam objectives to mimic as closely as possible the conditions of the exam. Obviously this is a timed exercise and you will not be able to see any of the answers or explanations. In order to feel comfortable with a CertBlaster result even in certification mode, you need a very high score (probably north of 95%). Also, be sure you got that score by understanding the question and answer and not by memorization alone. A score achieved through memorization will not necessarily translate to exam success, as the questions will not be identical to the ones you answer in CertBlaster.
Flash Mode Flash mode is a last-minute convenience device. It allows you to press your spacebar, see a question, press the spacebar again to see the answer, and so forth. As you can see, this replicates the act of studying with flash cards. And although not a main element of an exam strategy, it has its place as a final touch on your way to certification.This comes last; you can do it at home or at the testing center if there is a wait.
Chapter 2
Exam Strategies and Tactics
15
Important Features You Will Encounter in CertBlaster The most significant part of any CertBlaster are of course the questions. They are calibrated and mapped to the exam in a manner to help you best prepare for the types of reasoning you will need to win on exam day. In addition to this content component, some elements of the CertBlaster navigation will also help you prepare. Because these features are similar to the ones used on the exam software, they will familiarize you with the exam software feature well before exam day.The most significant of those features are the ones shown in Figure 2.9. Figure 2.9 Be sure you know how to use these elements of the test to your best advantage before you walk in the door of the exam.
These features act in the same way as they do on the actual exam. Just as on the exam, if you have skipped or marked questions for later, before it begins grading, CertBlaster will prompt you to answer such questions before it is too late (provided of course you have time left on the exam timer).
Additional CertBlaster Features That Will Help You Prepare Study mode offers the most features and help available. Figure 2.10 shows the top navigation in Study mode. Figure 2.10 CertBlaster’s Study mode offers lots of help and guidance.
The first several options are covered in the previous section.The Home button allows you to exit the test and go back to the exam and drills page, where you can select a new exam or drill. The Hint and Answer buttons contain the same content, although the Hint feature doesn’t give you the correct answer. Figure 2.11 shows what you would see after choosing an incorrect answer and then clicking the Answer button. Clicking Note in the navigation bar will open the CertBlaster notebook, where you can type a remark regarding the question you are studying. Once you have saved your note, you will see a paper clip attached to that question.This is useful if you are studying with friends, in a group, with an instructor, or simply want to remember any special issue concerning this question. Figure 2.12 shows the Note feature in action. After grading your test, CertBlaster then creates your Personal Testing Plan (PTP).The reason your customized PTP (based on your assessment result) is useful is because it helps you focus on your weak areas. It contains chapter and page references to the relevant MS Press book as well as references to the exam objectives (down to the sub-objective) that you need to pay attention to as a result of your assessment. To print or save your PTP, just click Next and a dialog box will prompt you. Figure 2.13 shows an example of a generic PTP.
2
16
MCTS: Windows Server 2008 70-642 Q&A Figure 2.11 The Answer feature on Study mode shows you the correct answer.
Figure 2.12 The Note feature allows you to write electronic notes and attach them to specific questions.
Figure 2.13 An example Personal Testing Plan.
Chapter 2
Exam Strategies and Tactics
17
SUMMARY This book and software aim at enhancing your exam readiness at all levels.The goal is to give you an insight into the exam procedures and format, as well as the types of questions you will face at the exam. I hope that the 800 practice questions in this book plus the CertBlaster software (on the CD at the end of this book) will contribute to your exam readiness and help you walk in on examination day feeling prepared and confident. Good luck!
2
This page intentionally left blank
Part II
PRACTICE TESTS
This page intentionally left blank
CHAPTER
3
CONFIGURING IPV4 AND IPV6 3
T
his chapter contains 192 questions that all fall under Microsoft’s first main exam objective for the 70-642 exam, “Configuring IPv4 and IPv6.”This main objective consists of the following three sub-objectives: ■ ■ ■
Configure IPv4 and IPv6 addressing Configure Dynamic Host Configuration Protocol (DHCP) Configure routing
Microsoft has given this main exam objective a weight of 24%, which is why I have created 192 (out of a total of 800) test preparation questions for this chapter.
TEST PREPARATION QUESTIONS 1. On an IPv4 network, how many computers can be hosted on a network with an address of 192.168.244.0/23? A. 510 B. 1022 C. 30 D. 4,094 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 2. To determine the number of subnets in an IPv4 network, you should use which formula? A. S=2b B. S=2bx C. S=2b D. None of the above 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 3. On an IPv4 network, you are given the 172.20.43.0/24 address block and you want to change the subnet mask internally to /27. How many different subnets would this generate? A. 2 B. 8 C. 3 D. 0 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing
21
22
MCTS: Windows Server 2008 70-642 Q&A
4. Translate 255.255.252.0 to slash notation. A. /22 B. /17 C. /30 D. /20 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 5. Change the following subnet mask from slash notation to dotted-decimal: /19. A. 255.255.192.0 B. 255.255.248.0 C. 255.255.224.0 D. 255.255.128.0 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 6. A default gateway must do which of the following? A. Share the same network ID and be located within the same broadcast domain as the hosts it is serving B. Always be left unconfigured for security reasons C. Be on a different broadcast domain from the hosts it is serving and have a different network ID D. Be on the same broadcast domain as the hosts it is serving and have a different network ID 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 7. What type of IPv4 address is 172.16.10.2? A. Public IPv4 B. Private IPv4 C. APIPA D. Private IPv6 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 8. Subnetting often causes which of the following? (Choose two.) A. Restricted broadcast traffic B. Reduced security C. Simplified administration D. Complicated administration E. All of the above 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing
Chapter 3
Configuring IPv4 and IPv6
23
9. An IPv4 network has six computers and is using an address space of 206.82.110.0/29. You want to add 100 new computers; what should you do? A. Expand the network to the /27 address block B. Expand the network to the /25 address block C. Expand the network to the /30 address block D. Do nothing because /29 network is large enough 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 10. A network with a subnet mask of 255.255.252.0 will grant how many network hosts? A. 2500 B. 6 C. 20 D. 1022 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 11. What is the tunneling protocol that allows a private IPv6 network to communicate with a private IPv4 network? A. Teredo B. TCP/IP C. ISATAP D. 6to4 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 12. What does the 6to4 protocol do? A. Tunnels IPv6 traffic over IPv4 traffic through 6to4 routers B. Allows a private IPv6 network to communicate with a private IPv4 network through a 6to4 router C. Allows clients located behind an IPv4 NAT device to use IPv6 over the Internet D. Allows the use of IPv6 to communicate only if the client, server, and network infrastructure support it 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 13. Which protocol relies on an infrastructure that includes specific clients, servers, relays, and host-specific relays? A. 6to4 B. TCP/IP C. Teredo D. ISATAP 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing
3
24
MCTS: Windows Server 2008 70-642 Q&A
14. The IPv6 address 2001:0DB8:3FA9:0000:0000:0000:00D3:9C5A can be rewritten in shorter form as which of these choices? A. 2001:DB8:3FA9::::D3:9C5A B. 21:DB8:3FA9::::D3:9C5A C. 2001:DB8:3FA9::D3:9C5A D. It cannot be written any shorter 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 15. What is the loopback address in IPv6? A. 127.0.0.1 B. 1:: C. ::0 D. ::1 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 16. Which of the following is an example of a ULA (Unique Local Address)? A. fd27:9abf:efb0:1::2 B. 2001:DB8:3FA9::D3:9C5A C. 192.168.0.0 D. Fe80:154d:3cd7:b33b:1bc1 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 17. 2001:DB8:3FA9::D3:9C5A is an example of what type of IPv6 address? A. Unique local address B. Link-local address C. Private address D. Global address 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 18. Link-local addresses are used for which of the following? A. Communication on the local subnet B. IPv6 to IPv4 conversion C. Used by ISPs D. Communication over the Internet 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 19. Choose the states of an IPv6 address. A. Deprecated B. Expired C. Tentative D. Valid E. Pending F. Preferred 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing
Chapter 3
Configuring IPv4 and IPv6
25
20. Which type of IPv6 address do you need if you want to connect to the IPv6 Internet from a server? A. Link-local address B. Unique local address C. Site-local address D. Global address 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 21. Which IPv6 address type is needed for a private network with four subnets? A. Unique local address B. Site-local address C. Global address D. Link-local address 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 22. What are the types of IPv6 addresses? A. Site-local address B. Global address C. Unique global address D. Link-local address E. Link-global address F. Unique local address 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 23. What is NOT an advantage of using IPv6 over IPv4? A. Improved security B. It’s backward compatible C. Simpler configuration D. More addresses 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 24. Which type of transition technology allows an IPv4-only host to communicate with the IPv6 Internet? A. Teredo B. ISATAP C. 6to4 D. Next Generation 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing
3
26
MCTS: Windows Server 2008 70-642 Q&A
25. Which one of the following is the part of the Teredo protocol infrastructure that forwards packets between Teredo clients on the IPv4 Internet and IPv6-only hosts? A. Teredo client B. Teredo server C. Teredo relay D. Teredo host-specific relay 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 26. What does a Teredo server do? A. Helps perform the address configuration B. Forwards packets between Teredo clients on the IPv4 Internet and IPv6-only hosts C. Only communicates with other Teredo servers D. Tunneling endpoint 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 27. Which of the following IPv4 addresses grants the greatest number of hosts? A. 131.107.100.48/28 B. 206.73.118.24/29 C. 206.73.118.0/26 D. 10.0.0.0/30 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 28. What are the ranges of IPv4 addresses? A. Public B. IANA C. Private D. APIPA E. APNIC F. Global 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 29. Who is responsible for dividing up the nonreserved portion of the IPv4 address space? A. FCC B. NSA C. IANA D. Local ISPs 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 30. Which of the following is an example of a private IPv4 address? A. 192.168.1.12 B. 206.73.118.103 C. 131.107.0.0 D. 127.0.0.1 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing
Chapter 3
Configuring IPv4 and IPv6
27
31. Use the correct formula to determine the number of subnets, given that b=4. A. 8 B. 4 C. 2 D. 16 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 32. You want to add a new server to your network. The addresses of the computers on the network are 10.2.12.1, 10.2.41.23, 10.2.41.100, and 10.2.41.110.What should the subnet of the new server be? A. 255.0.0.0 B. 255.255.0.0 C. 255.255.255.0 D. 255.255.255.252 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 33. When using variable-length subnet masks (VLSMs), the subnet ID should always have a trailing what? A. 1 B. 0 C. Either 1 or 0 D. 2 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 34. If you are given an address block of 10.200.48.0 with a subnet mask of 255.255.240.0, how many supported hosts are granted? A. 510 B. 6 C. 2046 D. 4094 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 35. Which two options describe the two parts of an IPv4 address? A. Host ID B. Header C. Data D. Network ID E. Tail 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing
3
28
MCTS: Windows Server 2008 70-642 Q&A
36. How many bits in length is an IPv4 address? A. 64 B. 8 C. 32 D. 4 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 37. IPv6 uses ____________ instead of network broadcasts like IPv4 uses. A. Unicast B. Netcast C. Multicast D. Limited broadcast 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 38. Unicast IPv6 addresses are divided into two parts of how many bits each? A. A 32-bit component and a 32-bit component B. A 64-bit component and a 64-bit component C. A 32-bit component and a 64-bit component D. A 48-bit component and a 64-bit component 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 39. Which of the following are NOT types of IPv6 addresses? A. Link-local B. Public C. Global D. Unique local E. Private 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 40. Which of the following is an example of a link-local address (LLA)? A. fd27:9abf:efb0:1::2 B. 2001:DB8:3FA9::D3:9C5A C. 192.168.0.0 D. fe80:154d:3cd7:b33b:1bc1 70-642 Objective 1.1: Configure IPv4 and IPv6 addressing 41. Which DHCP option is comprised of a preferred list of IPv4 addresses for routers on the same subnet as its DHCP clients? A. 006 DNS Servers B. 051 Lease C. 003 Router D. 015 DNS Domain Name 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP)
Chapter 3
Configuring IPv4 and IPv6
29
42. The DHCP option “006 DNS Servers” provides the client with what? A. A preferred list of IPv4 addresses for routers on the same subnet as its DHCP clients B. The domain name that DHCP clients should use when resolving unqualified names during DNS domain name resolution. C. The IP addresses for DNS name servers that DHCP clients can contact and use to resolve a domain host name query D. A preferred NetBIOS name resolution method for the DHCP client to use 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 43. Which DHCP option specifies the domain name that DHCP clients should use when resolving unqualified names during DNS domain name resolution? A. 003 Router B. 006 DNS Servers C. 015 DNS Domain Name D. 044 WINS/NBNS Servers 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 44. Which DHCP option defines the IPv4 addresses of primary and secondary WINS servers for the DHCP client to use? A. 003 Router B. 006 DNS Servers C. 044 WINS/NBNS Servers D. 046 WINS/NBT Node Type 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 45. Which DHCP option is a preferred NetBIOS name resolution method for the DHCP client to use? A. 003 Router B. 006 DNS Servers C. 044 WINS/NBNS Servers D. 046 WINS/NBT Node Type 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 46. Which DHCP option assigns a special lease duration only to remote access clients? A. 006 DNS Servers B. 044 WINS/NBNS Servers C. 046 Remote Lease D. 051 Lease 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP)
3
30
MCTS: Windows Server 2008 70-642 Q&A
47. The Specify IPv4 DNS Server Settings page of the Add Roles wizard gives you the ability to change which options? A. 003 Router B. 006 DNS Servers C. 015 DNS Domain Name D. 044 WINS/NBNS Servers E. 051 Lease 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 48. The Specify IPv4 WINS Server Settings page enables you to configure which DHCP server option? A. 003 Router B. 006 DNS Servers C. 015 DNS Domain Name D. 044 WINS/NBNS Servers 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 49. Before a DHCP server can provide IP address leases to clients, which of the following needs to be defined by the DHCP server? A. DNS server B. Scope C. NetBIOS name D. WINS server 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 50. Which one of the following is optional when creating a scope using the Add Scope dialog box? A. Scope name B. Subnet type C. Default gateway D. Subnet mask 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 51. Which of the following describes a set of one or more IP addresses that is included within the range of a defined scope but that you do not want to lease to DHCP clients? A. Inclusion range B. Exclusion range C. Inclusion scope D. Exclusion scope 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP)
Chapter 3
Configuring IPv4 and IPv6
31
52. Which of the following describes a permanent address lease assignment by the DHCP server by associating an IP address with a MAC address? A. Inclusion B. Exclusion C. Reservation D. Scope 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 53. At which levels can you assign options? A. Server level B. Computer level C. Scope level D. Reservation level E. Local level F. Domain level 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 54. If you want an option to be applied to all scopes, leases, and reservations, it should be defined at which level? A. Scope level B. Server level C. Reservation level D. Domain level 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 55. If you want options to be defined only within the scope, they should be defined on which level? A. Server level B. Reservation level C. Domain level D. Scope level 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 56. Options at the reservation level apply to which of the following? A. All reservations B. Only that reservation C. All scopes on the server D. All leases and reservations within the scope 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP)
3
32
MCTS: Windows Server 2008 70-642 Q&A
57. What are the types of DHCP options classes? A. Administrator classes B. Vendor classes C. Server classes D. User classes 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 58. When you configure options for the Default User class, which clients are assigned these options? A. None B. All, unless the same option is defined in a class-specific option C. All; they override class specific options D. Only newly created clients 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 59. You want to add a DHCP server to a network to give addresses to the 192.168.1.0/24 range. But you have a DNS server with a statically defined address of 192.168.1.10. How should you create a scope that does not conflict with the DNS server? A. Create a reservation that assigns the 192.168.1.10 address to the DNS server B. Create two address ranges in the DHCP scope that exclude the 192.168.1.10 address C. Create an exclusion for the address 192.168.1.10 D. Change the address of the DNS server to something outside the range of the scope 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 60. Which of the following commands installs the DHCP Server role on a Server Core installation of Windows Server 2008? A. net start dhcpserver B. sc config dhcpserver start= auto C. netsh interface ipv4 set address "local area connection" dhcp D. start /w ocsetup DHCPServerCore 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 61. In order to start DHCP once it is installed on a Server Core installation of Windows Server 2008 for the first time, which command do you use? A. net start dhcpserver B. sc config dhcpserver start= auto C. netsh interface ipv4 set address "local area connection" dhcp D. start /w ocsetup DHCPServerCore 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP)
Chapter 3
Configuring IPv4 and IPv6
33
62. To configure the DHCP service to start automatically on a Server Core installation of Windows Server 2008, which of the following commands would you use? A. net start dhcpserver B. sc config dhcpserver start= auto C. netsh interface ipv4 set address "local area connection" dhcp D. start /w ocsetup DHCPServerCore 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 63. This type of DHCP options class is generally not configurable and is normally built into the software of the client. A. User class B. Vendor class C. Administrator class D. Software class 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 64. This type of DHCP options class is configurable. Administrators can create new versions of this class with the settings of their choice. A. User class B. Vendor class C. Administrator class D. Local class 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 65. What does the ipconfig/setclassid command allow you to do? A. Define a new user class at the DHCP server B. Assign selected client computers to a new user class C. Assign an ID to a new user class D. Define a set of options for a new user class 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 66. In the command, ipconfig /setclassid "local area connection" MCTS, what is the class ID? A. "local area connection” B. MCTS C. setclassid D. There is none 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP)
3
34
MCTS: Windows Server 2008 70-642 Q&A
67. Which of the following commands would configure a client to inherit the options defined in class TS and the options defined for the default user class? A. ipconfig /setclassid TS B. ipconfig /setclassid "local area connection" TS C. /setclassid "local area connection" TS D. ipconfig /TS 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 68. To which class do all DHCP clients belong? A. Vendor class B. Administrator class C. Default User class D. Everyone 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 69. In order to create an exclusion range you need to navigate to which location in the DHCP console tree? A. DHCP \ <server node> \ IPv4 \ Scope \ Address Pool B. DHCP \ <server node> \ IPv4 \ Scope \ Exclusions C. DHCP \ <server node> \ IPv4 \ Scope \ Reservations D. DHCP \ <server node> \ IPv4 \ Scope \ Ranges 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 70. You are the administrator of a network with a scope whose address range is 192.168.10.1–192.168.10.200. Within this range you have a number of statically assigned servers within the range of address: 192.168.10.20–192.168.10.30. What should you do in order to prevent conflicts? A. Create reservations for each of the servers B. Create exclusions for each server C. Set an exclusion range from 192.168.10.20–192.168.19.30 D. Change the addresses of the servers to out of the scope 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 71. What is the lease duration for the Wired subnet type when creating a new scope? A. Eight hours B. Eight days C. Six hours D. Six days 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP)
Chapter 3
Configuring IPv4 and IPv6
35
72. What is the lease duration for the Wireless subnet type when creating a new scope? A. Eight hours B. Eight days C. Six hours D. Six days 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 73. Which option in the Add Scope dialog box allows you to configure the 003 Router option? A. Scope name B. Subnet mask C. Default gateway D. Subnet type 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 74. In the Add Scope dialog box, which choices are available for the subnet type? A. Wired B. Long C. Short D. Wireless E. Default 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 75. Before a DHCP server can lease addresses from a scope to any DHCP clients in a domain environment, what do you need to do? A. Activate the server in Active Directory B. Authorize the server in Active Directory C. Upgrade the server D. Nothing 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 76. Before a DHCP server can lease address from a scope to any DHCP clients in a domain environment, you need to do what to the scope? A. Authorize B. Upgrade C. Activate D. Delete 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP)
3
36
MCTS: Windows Server 2008 70-642 Q&A
77. After you add a DHCP server to a network, you find that none of the computers on the network can communicate beyond the local network. Which option should you configure in order to fix this problem? A. 003 Router B. 006 DNS Servers C. 015 Domain Name D. 044 WINS/NBNS Servers 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 78. You are in charge of a network that has a DHCP server configured with a static IP address of 10.10.0.10/24 and a DNS server address of 10.10.1.1.The scope is configured with a range of 10.10.1.0/24. You then find out that the clients are not being leased addresses from the DHCP server. What should you do? A. Change the clients into DHCP clients B. Change the address of the DHCP server and redeploy it C. Turn DHCP on D. Change the address of the DNS server 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 79. Which of the following is NOT a valid DHCP option? A. 003 Router B. 006 DNS Servers C. 015 DHCP Domain Name D. 044 WINS/NBNS Servers 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 80. Which DHCP option has the address for the DNS name servers that DHCP clients can contact and use to resolve a domain host name query? A. 003 Router B. 006 DNS Servers C. 015 DNS Domain Name D. 044 WINS/NBNS Servers 70-642 Objective 1.2: Configure Dynamic Host Configuration Protocol (DHCP) 81. Which of the following commands provides the most detailed and reliable analysis of network performance? A. TraceRT B. PathPing C. Ping D. Ipconfig 70-642 Objective 1.3: Configure Routing
Chapter 3
Configuring IPv4 and IPv6
37
82. Routing protocols allow routers to do what? A. Trace network connections B. Set up ICMP C. Automatically adjust when network conditions change D. Set up security for data sent on the network 70-642 Objective 1.3: Configure Routing 83. Which of the following is a popular routing protocol? A. Routing Internet Protocol B. Internet Control Message Protocol C. TCP/IP D. IPSec 70-642 Objective 1.3: Configure Routing 84. Earlier versions of Windows support ____________, which is no longer included with Windows Server 2008. A. RIP B. ICMP C. IPSec D. OSPF 70-642 Objective 1.3: Configure Routing 85. When configuring the settings for Routing Internet Protocol (RIP), the General tab allows you to configure which settings? A. Manually list neighbors B. Configure announcement intervals C. Select the version of RIP and select if authentication is required D. Choose whether to filter router advertisements 70-642 Objective 1.3: Configure Routing 86. When configuring the settings for Routing Internet Protocol (RIP), the Security tab allows you to change which settings? A. Manually list neighbors B. Select the version of RIP and select if authentication is required C. Configure announcement intervals D. Choose whether to filter router advertisements 70-642 Objective 1.3: Configure Routing
3
38
MCTS: Windows Server 2008 70-642 Q&A
87. When configuring the settings for Routing Internet Protocol (RIP), the Neighbors tab allows you to configure which settings? A. Manually list neighbors B. Configure announcement intervals C. Select the version of RIP and select if authentication is required D. Choose whether to filter router advertisements 70-642 Objective 1.3: Configure Routing 88. The Advanced tab, when configuring the settings for Routing Internet Protocol (RIP), allows you to change what? A. Manually list neighbors B. Select the version of RIP and select if authentication is required C. Configure announcement intervals D. Choose whether to filter router advertisements 70-642 Objective 1.3: Configure Routing 89. Which of the following is NOT a tab in the Configure RIP Properties dialog box? A. General B. Advanced C. Policy D. Security 70-642 Objective 1.3: Configure Routing 90. Which of the following is a tab on the Configure RIP Properties dialog box? A. Neighbors B. Policy C. Configuration D. Remote Access 70-642 Objective 1.3: Configure Routing 91. Complete the following statement. A router’s IP address _______________. A. Has to be on a different subnet than the computer B. Must be on the same subnet as the computer C. Can be on any subnet D. Must be configured statically 70-642 Objective 1.3: Configure Routing 92. When using multiple default gateways, you need to configure your routing to do what? A. Use static routing B. Use DHCP C. Use only one default gateway D. Use both default gateways 70-642 Objective 1.3: Configure Routing
Chapter 3
Configuring IPv4 and IPv6
39
93. Which of the following is an example of when you need to use static routing? A. Multiple default gateways B. All networks C. Communication with different remote networks D. No networks 70-642 Objective 1.3: Configure Routing 94. Which command-line tool should you use to configure static routing on a specific network? A. IPconfig B. Route C. TraceRT D. Ping 70-642 Objective 1.3: Configure Routing 95. Using the command-line tool route, how would you allow access to the 192.168.6.0/24 network with the router at 192.168.1.4? A. route –p add 192.168.6.0 Mask 255.255.255.0 192.168.1.4 B. route –p add 192.168.2.0/24 192.168.1.2 C. route –p add 192.168.2.0 192.168.1.2 D. route –p add 192.168.2.0 255.255.255.0 192.168.1.2 70-642 Objective 1.3: Configure Routing 96. In order to view the routing table, which route command should you use? A. route show B. route table C. route print D. route routing 70-642 Objective 1.3: Configure Routing 97. When looking at the routing table, routes with a netmask of 0.0.0.0 show what? A. A router B. The default gateway C. A client D. An interface 70-642 Objective 1.3: Configure Routing 98. This section of the routing table shows any routes that are added statically. A. IPv4 route table B. IPv6 route table C. Persistent routes D. Static addresses 70-642 Objective 1.3: Configure Routing
3
40
MCTS: Windows Server 2008 70-642 Q&A
99. When looking at the routing table, routes with a netmask of 255.255.255.255 show what? A. A router B. The default gateway C. A client D. An interface 70-642 Objective 1.3: Configure Routing 100. A loopback interface shows which network destination(s) in the routing table? A. 127.0.0.0 or 127.0.0.1 B. 0.0.0.0 C. 255.255.255.255 D. 224.0.0.0 70-642 Objective 1.3: Configure Routing 101. A multicast address shows which network destination(s) in the routing table? A. 127.0.0.0 or 127.0.0.1 B. 0.0.0.0 C. 255.255.255.255 D. 224.0.0.0 70-642 Objective 1.3: Configure Routing 102. Assume the following is a line from the route print output: 0.0.0.0
0.0.0.0
192.168.0.1
192.168.0.200
25
What is the default gateway? A. 0.0.0.0 B. 192.168.0.1 C. 192.168.0.200 D. Not possible to tell from this information 70-642 Objective 1.3: Configure Routing 103. Assume the following is a line from the route print output: 0.0.0.0
0.0.0.0
192.168.0.1
192.168.0.200
What is the subnet mask? A. 0.0.0.0 B. 192.168.0.1 C. 192.168.0.200 D. Not possible to tell from this information 70-642 Objective 1.3: Configure Routing
25
Chapter 3
Configuring IPv4 and IPv6
41
104. Assume the following is a line from the route print output: 10.10.0.0
255.255.0.0
On-link
192.168.2.102
11
What is the network? A. 10.10.0.0/11 B. 10.10.0.0 with a subnet mask of 255.255.0.0 C. 192.168.2.102 with a subnet mask of 255.255.0.0 D. 192.168.2.102/11 70-642 Objective 1.3: Configure Routing
3
105. Assume the following is a line from the route print output: 10.10.0.0
255.255.0.0
On-link
192.168.2.102
11
When this computer sends traffic to the 10.10.0.0/16 network, it sends it to where? A. The default gateway B. The router at 192.168.2.102 C. The router at 10.10.0.0 D. Nowhere; it is not properly configured 70-642 Objective 1.3: Configure Routing 106. You are in charge of a network that has computers on the 192.168.5.0/24 network and computers on the 192.168.6.0/24 subnet.The computers on the 192.168.5.0/24 network use the default gateway 192.168.5.1.You connect a separate router to both networks.You want clients on the 192.168.5.0/24 network to connect to clients on the 192.168.6.0/24 network. If the router has an address of 192.168.5.2, which command should you run? A. route add 192.168.6.0 MASK 255.255.255.0 192.168.5.1 B. route add 192.168.6.0 MASK 255.255.255.0 192.168.5.2 C. route add 192.168.5.1 MASK 255.255.255.0 192.168.6.0 D. route add 192.168.5.2 MASK 255.255.255.0 192.168.6.0 70-642 Objective 1.3: Configure Routing 107. In the following command, what does the –p do? route –p add 192.168.6.0 MASK 255.255.255.0 192.168.5.2
A. Tells the computer to remove this route after a restart B. Tells the computer to make the route persistent C. Tells the computer to make it a static route D. Tells the computer to enable routing and remote access service 70-642 Objective 1.3: Configure Routing
42
MCTS: Windows Server 2008 70-642 Q&A
108. Which of the following commands allow users to view the list of routers that are between the client and server? (Choose two.) A. Ipconfig B. Ping C. PathPing D. TraceRT E. Msconfig 70-642 Objective 1.3: Configure Routing 109. In order to use Routing Internet Protocol version 2 on Windows Server 2008, you must first install what? A. RIPv2 Service B. Internet Protocol Service C. Routing and Remote Access Service D. OSPF Service 70-642 Objective 1.3: Configure Routing 110. You are in charge of a network with a server running Windows Server 2008 with two network interface cards. Each card is connected to a different subnet with multiple routers on each. If you want the server to automatically identify the routers and different subnets you must enable what? A. RIP B. OSPF C. IPSec D. TCP/IP 70-642 Objective 1.3: Configure Routing 111. Which of the following are examples of Internet protocols? A. IPSec B. RIP C. OSPF D. TCP/IP E. ICMP 70-642 Objective 1.3: Configure Routing 112. What is another name for a router or gateway? A. Interface B. Hop C. Upstream server D. Downstream server 70-642 Objective 1.3: Configure Routing
Chapter 3
Configuring IPv4 and IPv6
43
113. This is a list of all IP destinations and how a computer can connect to them. A. Routing table B. Route list C. Persistent list D. RIP 70-642 Objective 1.3: Configure Routing 114. The route print command displays what output? A. Active Internet protocols B. Default gateways C. Routing table D. The route that packets travel between the client and server 70-642 Objective 1.3: Configure Routing 115. Which of the following is NOT part of the routing table? A. IPv4 route table B. Interface list C. IPv6 route table D. Inactive routes 70-642 Objective 1.3: Configure Routing 116. When looking at the output from the route print command, the following line shows the what? 0.0.0.0
0.0.0.0
192.168.0.1
192.168.0.200
25
A. Interface B. Loopback interface C. Default gateway D. Multicast address 70-642 Objective 1.3: Configure Routing 117. If a route identifies an interface in the output of a route print command, which choice will be the netmask? A. 0.0.0.0 B. 255.255.255.255 C. 127.0.0.0 D. 224.0.0.0 70-642 Objective 1.3: Configure Routing 118. A network destination of 224.0.0.0 shown in the output of a route print command identifies which of the following? A. An interface B. Default gateway C. Persistent route D. Multicast address 70-642 Objective 1.3: Configure Routing
3
44
MCTS: Windows Server 2008 70-642 Q&A
119. The following output is the result of which command?
A. TraceRT B. PathPing C. route add D. route print 70-642 Objective 1.3: Configure Routing 120. If the hop appears as three asterisks (***) when you run a PathPing or TraceRT, what is disabled on the node? A. TCP/IP B. ICMP C. RIP D. OSPF 70-642 Objective 1.3: Configure Routing
Chapter 3
Configuring IPv4 and IPv6
45
121. The following output is an example of which command?
3
A. TraceRT B. PathPing C. Msconfig D. route print 70-642 Objective 1.3: Configure Routing 122. The following output is an example of which command?
A. TraceRT B. PathPing C. Msconfig D. route print 70-642 Objective 1.3: Configure Routing
46
MCTS: Windows Server 2008 70-642 Q&A
123. The following image shows an example of what?
A. route print command output B. TraceRT command output C. Static routing table D. Dynamic routing table 70-642 Objective 1.3: Configure Routing 124. Which of the choices is a way to provide security for data sent between two computers on an IP-based network? A. TCP/IP B. IPSec C. ICMP D. RIP 70-642 Objective 1.4: Configure IPSec 125. IPSec provides which of the following services? A. Data authentication B. Data modification C. Routing protocol D. Encryption E. Password protection 70-642 Objective 1.4: Configure IPSec 126. This service from IPSec ensures that data is not changed during the transit between the two computers. A. Data authentication B. Data modification C. Routing protocol D. Encryption 70-642 Objective 1.4: Configure IPSec 127. Which of the following is NOT part of the data authentication service of IPSec? A. Data origin authentication B. Data integrity C. Making data unreadable during transit D. Anti-replay protection 70-642 Objective 1.4: Configure IPSec
Chapter 3
Configuring IPv4 and IPv6
47
128. What service provided by IPSec will make data unreadable to non-authenticated users? A. Data authentication B. Data modification C. Routing protocol D. Encryption 70-642 Objective 1.4: Configure IPSec 129. Which of the following enforces IPSec in Windows Server 2008 and Windows Vista? (Choose two.) A. IPSec rules B. IPSec policies C. Connection security rules D. Connection security policies E. IETF 70-642 Objective 1.4: Configure IPSec 130. By default, IPSec policies attempt to negotiate which services? A. Authentication B. Encryption C. Authentication and encryption D. Neither of these 70-642 Objective 1.4: Configure IPSec 131. By default, connection security rules attempt to negotiate which services? A. Authentication B. Encryption C. Authentication and encryption D. Neither of these 70-642 Objective 1.4: Configure IPSec 132. In order to assign an IPSec policy to an individual computer, you must use which one of the following? A. Group Policy B. Local Security Policy C. The IPSec wizard D. GPO 70-642 Objective 1.4: Configure IPSec 133. In order to assign an IPSec policy to a group of computers, you must use which one of the following? A. Group Policy B. Local Security Policy C. The IPSec wizard D. GPO 70-642 Objective 1.4: Configure IPSec
3
48
MCTS: Windows Server 2008 70-642 Q&A
134. Each IPSec policy is made out of one or more IPSec policy ____________. A. Filter lists B. Filters C. Rules D. Lists 70-642 Objective 1.4: Configure IPSec 135. Each IPSec policy rule is related to one IP ____________ and one ____________. A. Filter list/Filter action B. Filter action/Rule C. Rule/Filter list D. List/Filter action 70-642 Objective 1.4: Configure IPSec 136. An IP filter list contains a set of one or more IP ____________. A. Rules B. Lists C. Actions D. Filters 70-642 Objective 1.4: Configure IPSec 137. Which of the following is NOT a possible filter action for a rule? A. Block B. Permit C. Negotiate Security D. Allow Once 70-642 Objective 1.4: Configure IPSec 138. Possible filter actions include block, permit, and what else? A. Allow once B. Negotiate security C. Block once D. Ban 70-642 Objective 1.4: Configure IPSec 139. If an IPSec policy rule has only one IP filter, does it still have an IP filter list? A. Not unless specified B. Yes, it always does C. No, it never does D. IPSec policy rules never have IP filter lists 70-642 Objective 1.4: Configure IPSec
Chapter 3
Configuring IPv4 and IPv6
49
140. One difference between IPSec policies and connection security rules is which of the following? A. Connection security rules do not include filters and filter actions B. IPSec policies do not include filters and filter actions C. Connection security rules do not block, allow, or negotiate security D. Connection security rules are not configurable 70-642 Objective 1.4: Configure IPSec 141. Connection security rules apply to which types of IP traffic? A. Only specified types B. None C. All D. Only IPv6 traffic 70-642 Objective 1.4: Configure IPSec 142. What should you use to configure the connection security rules for any computer in the Windows firewall? A. WFAS console B. Local Security Policy C. Group Policy D. The Connection Security Rule wizard 70-642 Objective 1.4: Configure IPSec 143. When data is sent between two computers in an IPSec connection, the data is protected and known as what? A. Authentication Header B. Encapsulating Security Payload C. Security Association D. WFAS 70-642 Objective 1.4: Configure IPSec 144. Protection for a Security Association is given by which of the following IPSec protocols? A. AH B. ESP C. TCP/IP D. RIP E. ICMP 70-642 Objective 1.4: Configure IPSec
3
50
MCTS: Windows Server 2008 70-642 Q&A
145. This IPSec protocol provides data origin authentication, data integrity, and anti-replay protection for the entire packet. A. AH B. ESP C. TCP/IP D. RIP 70-642 Objective 1.4: Configure IPSec 146. This IPSec protocol provides data encryption, data encryption, data origin authentication, date integrity, and anti-replay protection for the payload. A. AH B. ESP C. TCP/IP D. RIP 70-642 Objective 1.4: Configure IPSec 147. In order to secure data in a Security Association (SA), you can use which of the following? A. Only Authentication Header (AH) B. Only Encapsulating Security Payload (ESP) C. Both Authentication Header and Encapsulating Security Payload D. All of these choices are correct 70-642 Objective 1.4: Configure IPSec 148. Which protocol creates a policy that creates the Security Association (SA)? A. AH B. ESP C. IKE D. TCP/IP 70-642 Objective 1.4: Configure IPSec 149. To create a secure connection, IKE goes through a process with how many stages? A. One B. Two C. Three D. Depends on the complexity of the SA 70-642 Objective 1.4: Configure IPSec 150. The first stage of an IKE process is called what? A. Slow mode B. Quick mode C. Main mode D. Secondary mode 70-642 Objective 1.4: Configure IPSec
Chapter 3
Configuring IPv4 and IPv6
51
151. The second stage of an IKE process is called what? A. Slow mode B. Quick mode C. Main mode D. Secondary mode 70-642 Objective 1.4: Configure IPSec 152. This is the most common mode that IPSec will be used in. A. Main mode B. Quick mode C. Transport mode D. Tunnel mode 70-642 Objective 1.4: Configure IPSec 153. This mode of IPSec is used in most IPSec-based VPNs. A. Main mode B. Quick mode C. Transport mode D. Tunnel mode 70-642 Objective 1.4: Configure IPSec 154. When a VPN gateway is not compatible with L2TP/IPSec VPNs, you can use which mode of IPSec? A. Main mode B. Quick mode C. Transport mode D. Tunnel mode 70-642 Objective 1.4: Configure IPSec 155. In this mode, an IP packet is secured and then hidden with a new, unprotected IP header. A. Main mode B. Quick mode C. Transport mode D. Tunnel mode 70-642 Objective 1.4: Configure IPSec 156. Which of the following is NOT one of the three methods of authentication for IPSec? A. Kerberos B. Certificates C. Preshared Key D. Encryption 70-642 Objective 1.4: Configure IPSec
3
52
MCTS: Windows Server 2008 70-642 Q&A
157. This is the default method of authentication in Active Directory for IPSec. A. Kerberos B. Certificates C. Preshared Key D. Password 70-642 Objective 1.4: Configure IPSec 158. In this authentication method, each host must install a computer certificate from a CA. A. Kerberos B. Certificates C. Preshared Key D. CA 70-642 Objective 1.4: Configure IPSec 159. Which authentication method is the LEAST secure? A. Kerberos B. Certificates C. Preshared Key D. CA 70-642 Objective 1.4: Configure IPSec 160. When defined with this default IPSec policy, the computer will only respond, and never request. A. Client B. Server C. Secure Server D. Secure Client 70-642 Objective 1.4: Configure IPSec 161. When it’s assigned which of the following default IPSec policies, the computer will request security verification from the sender of unsecured traffic, but will allow the connection to be unsecured. A. Client B. Server C. Secure Server D. Secure Client 70-642 Objective 1.4: Configure IPSec 162. When assigned this default IPSec policy, a computer will only accept secure traffic. A. Client B. Server C. Secure Server D. Secure Client 70-642 Objective 1.4: Configure IPSec
Chapter 3
Configuring IPv4 and IPv6
53
163. A computer can have how many IPSec policies defined to it? A. One B. Two C. No limit D. Depends on the defined policies 70-642 Objective 1.4: Configure IPSec 164. Which of the following pages of the Create IP Security wizard allows you to configure IPSec to use tunnel mode? A. Tunnel Endpoint page B. Network Type page C. IP Filter page D. Tunnel Mode page 70-642 Objective 1.4: Configure IPSec 165. Which of the following pages of the Create IP Security wizard allows you to limit the rule to local networks or to remote access connections? A. Tunnel Endpoint page B. Network Type page C. IP Filter page D. Remote Access page 70-642 Objective 1.4: Configure IPSec 166. Which of the following pages of the Create IP Security wizard allows you to assign a set of IP filters? A. Tunnel Endpoint page B. Network Type page C. IP Filter List page D. Remote Access page 70-642 Objective 1.4: Configure IPSec 167. On the Filter Action page of the Security Rule wizard, which of the following is NOT a predefined IP filter for IPSec policy rules? A. Permit B. Deny C. Request Security D. Require Security 70-642 Objective 1.4: Configure IPSec
3
54
MCTS: Windows Server 2008 70-642 Q&A
168. Which of the following is the predefined IPSec policy rule that allows the IP packets to pass through unsecured? A. Permit B. Deny C. Request Security D. Require Security 70-642 Objective 1.4: Configure IPSec 169. Which of the following is the predefined IPSec policy rule that allows the IP packets to pass through without being secured but asks the clients to negotiate security? A. Permit B. Deny C. Request Security D. Require Security 70-642 Objective 1.4: Configure IPSec 170. Which of the following is the predefined IPSec policy rule that makes the local computer request security from the source of the IP packets? A. Permit B. Deny C. Request Security D. Require Security 70-642 Objective 1.4: Configure IPSec 171. Which of the following pages of the Security Rule wizard allows you to select the method of authentication? A. Filter Action page B. Authentication Method page C. IP Filter List page D. Network Type page 70-642 Objective 1.4: Configure IPSec 172. By default, which method of authentication do IPSec rules rely on? A. Kerberos B. Certificates C. Preshared Key D. No method 70-642 Objective 1.4: Configure IPSec
Chapter 3
Configuring IPv4 and IPv6
55
173. Which of the following is NOT one of the pages in the New Connection Security Rule wizard? A. Rule Type page B. Endpoints page C. Encryption page D. Authentication page 70-642 Objective 1.4: Configure IPSec 174. This page in the New Connection Security Rule wizard allows you to create a specific rule type. A. Endpoints page B. Authentication page C. Rule Type page D. Rules page 70-642 Objective 1.4: Configure IPSec 175. Which of the following is NOT one of the four rule types available in the New Connection Security Rule wizard? A. Isolation rule B. Authentication Exemption rule C. Server-To-Server rule D. Encryption rule 70-642 Objective 1.4: Configure IPSec 176. This rule type in the New Connection Security Rule wizard is the general rule used to authenticate based on the profile selected in the Network and Sharing Center. A. Isolation rule B. Authentication Exemption rule C. Server-To-Server rule D. Tunnel rule 70-642 Objective 1.4: Configure IPSec
3
56
MCTS: Windows Server 2008 70-642 Q&A
177. The following window shows you the network location used in which rule?
A. Isolation rule B. Authentication Exemption rule C. Server-To-Server rule D. Tunnel rule 70-642 Objective 1.4: Configure IPSec 178. Which term is used to describe the ability to use connection security rules to block traffic from outside computers? A. Local isolation B. Domain isolation C. Local exemption D. Domain exemption 70-642 Objective 1.4: Configure IPSec 179. This rule type is used to exempt computers or groups of computers or even IP ranges from having to authenticate themselves. A. Isolation rule B. Authentication Exemption rule C. Server-To-Server rule D. Tunnel rule 70-642 Objective 1.4: Configure IPSec
Chapter 3
Configuring IPv4 and IPv6
57
180. This premade rule type allows you to manually authenticate communications between a specific IP address and sets of IP addresses. A. Isolation rule B. Authentication Exemption rule C. Server-To-Server rule D. Tunnel rule 70-642 Objective 1.4: Configure IPSec 181. This rule type is used to set up IPSec tunnel mode for VPN gateways. A. Isolation rule B. Authentication Exemption rule C. Server-To-Server rule D. Tunnel rule 70-642 Objective 1.4: Configure IPSec 182. On the Rule Type page of the New Connection Security Rule wizard, you can use this rule to make special settings or combinations of other rule types. A. Isolation rule B. Tunnel rule C. Custom rule D. Server-To-Server rule 70-642 Objective 1.4: Configure IPSec 183. Which page of the New Connection Security Rule wizard allows you to pick the remote computers that you want to create an IPSec connection with? A. Rule Type page B. Endpoints page C. Requirements page D. Authentication Method page 70-642 Objective 1.4: Configure IPSec 184. Which page of the New Connection Security Rule wizard allows you to determine whether you want communications to be authenticated? A. Rule Type page B. Endpoints page C. Requirements page D. Authentication Method page 70-642 Objective 1.4: Configure IPSec
3
58
MCTS: Windows Server 2008 70-642 Q&A
185. Which page of the New Connection Security Rule wizard allows you to select the method that is used when computer endpoints are authenticated? A. Rule Type page B. Endpoints page C. Requirements page D. Authentication Method page 70-642 Objective 1.4: Configure IPSec 186. Which page of the New Connection Security Rule wizard allows you to limit which network location types apply to the rule? A. Requirements page B. Authentication Method page C. Profile page D. Name page 70-642 Objective 1.4: Configure IPSec 187. Which page of the New Connection Security Rule wizard allows you to add a name and a description to the new rule? A. Requirements page B. Description page C. Profile page D. Name page 70-642 Objective 1.4: Configure IPSec 188. Opening the properties of the following highlighted item will give you the ability to modify which settings?
Chapter 3
Configuring IPv4 and IPv6
59
A. IPSec defaults B. ICMP exemptions C. Import policy D. Export policy E. Clear policy 70-642 Objective 1.4: Configure IPSec 189. Using the following image, if you select Advanced in the Data Protection area and then click Customize, you can configure which of the following?
A. Data encryption B. Date authentication C. Preshared Key D. None of the above 70-642 Objective 1.4: Configure IPSec
3
60
MCTS: Windows Server 2008 70-642 Q&A
190. Changing the IPSec exemptions in the following image will have what effect?
A. Allow you to customize the IPSec default settings B. Allow you to change key negotiations C. Allow you to make ICMP exempt from IPSec D. All of the above 70-642 Objective 1.4: Configure IPSec 191. If you want network connection to be encrypted on the dtilearning.com domain, which of the following should you do? A. Use IPSec in tunnel mode B. Use IPSec with Authentication Header C. Use IPSec with Encapsulating Security Payload D. Use IPSec with PPTP 70-642 Objective 1.4: Configure IPSec 192. You are in charge of two domains that are on the same Active Directory forest.Which authentication method should you use for IPSec? A. Preshared Key B. Certificates C. Kerberos D. Any of the above will work 70-642 Objective 1.4: Configure IPSec
CHAPTER
4
CONFIGURING NAME RESOLUTION T
his chapter contains 208 questions that all fall under Microsoft’s second main exam objective for the 70-642 exam,“Configuring Name Resolution.”This main objective consists of the following five sub-objectives: ■ ■ ■ ■ ■
Configure Configure Configure Configure Configure
a Domain Name System (DNS) server DNS zones DNS records DNS replication name resolution for client computers
Microsoft has given this main exam objective a weight of 27%, which is why I created 208 (out of a total of 800) test preparation questions for this chapter.
TEST PREPARATION QUESTIONS 1. The best way to install a DNS server on a Domain Controller is which of the following? A. Install the DNS server first and then make it a Domain Controller B. Install the Domain Controller first, then install the DNS server C. Install both at the same time D. You can’t have a DNS server on a Domain Controller 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 2. Dcpromo.exe does what? A. It promotes a server to a Domain Controller B. Installs only the AD DS binaries C. Launches the AD DS Installation wizard D. Installs the DNS server 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 3. During the AD DS Installation wizard, the name that you configure for the Active Directory domain also becomes the name for what? A. An external forwarder B. The associated DNS zone C. A root hint D. Nothing; it’s only for the Active Directory domain 70-642 Objective 2.1: Configure a Domain Name System (DNS) server
61
4
62
MCTS: Windows Server 2008 70-642 Q&A
4. In the AD DS Installation wizard, the option to install a DNS server on the same Domain Controller is ____________. A. Not given in this wizard B. Not selected by default C. Selected by default D. Not available because you cannot install a DNS server on a Domain Controller 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 5. During the AD DS Installation wizard, if you choose to install the DNS server, what is configured automatically? A. Only the DNS server B. Only the hosted Forward Lookup zone C. Nothing D. Both the DNS server and the hosted Forward Lookup zone 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 6. To get to the DNS manager, you can do which of the following? A. Run Dcpromo.exe B. Click Start, go to Administrative Tools, and select DNS C. Run DNSmanager.exe D. Click Start, go to Administrative Tools, select Managers, and then select DNS 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 7. Which of the following commands will convert a server into a Domain Controller? A. dcpromote B. promoDc C. dcpromo D. DNSpromo 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 8. Is it possible to install a DNS server on a standalone server or on a member server in an Active Directory domain by using dcpromo? A. Yes B. No C. Only if the server is not also a Domain Controller D. You can’t install a DNS server on an Active Directory domain 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 9. Is it possible to install a DNS server on a Server Core installation of Windows Server 2008 by using dcpromo? A. Yes B. No C. Only if you do not use an unattended file D. You can’t install a DNS server on an Active Directory domain 70-642 Objective 2.1: Configure a Domain Name System (DNS) server
Chapter 4
Configuring Name Resolution
63
10. In order to install the Active Directory Domain Services role on a Server Core installation of Windows Server 2008, you need to type which of the following commands at the command prompt? A. dcpromote /unattend: B. dcpromo /unattend: C. dcpromo D. dcpromo /unattend 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 11. To create a dcpromo answer file, you must do which of the following? A. Run dcpromo on a computer running a Server Core installation of Windows Server 2008 B. Run dcpromo on a computer running a full installation of Windows Server 2008 C. Run dcpromo /unattend D. Run dcpromo /unattend: 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 12. Which of the following commands installs a DNS server on a standalone or member server running a Server Core installation of Windows Server 2008? A. start /w ocsetup DNS-Server-Core-Role B. start /w ocsetup DNS-Server-Core-Role /install C. start /w DNS-Server-Core-Role D. start /w DNS-Server-Core-Role /install 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 13. Which of the following commands uninstalls a DNS server on a standalone or member server running a Server Core installation of Windows Server 2008? A. start /w ocsetup DNS-Server-Core-Role B. start /w ocsetup DNS-Server-Core-Role /uninstall C. start /w DNS-Server-Core-Role D. start /w DNS-Server-Core-Role /uninstall 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 14. When it’s first created, how much cached information does a DNS server contain? A. It is configured in the installation B. None C. A DNS server can’t contain cached information D. It has a list of all clients connected to the DNS server 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 15. Which of the following is NOT a reason for a cached record to be cleared? A. It exceeded its TTL value B. The DNS Server service is restarted C. The cache is cleared manually D. The cache is cleared automatically when the client changes information 70-642 Objective 2.1: Configure a Domain Name System (DNS) server
4
64
MCTS: Windows Server 2008 70-642 Q&A
16. What type of server does not host any zones and is not authoritative for any domain? A. No-zone servers B. Caching-only servers C. No-domain servers D. Low-cache servers 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 17. If your network contains a slow wide area network link between sites, which type of server can improve performance? A. No-zone servers B. No-domain servers C. Low-cache servers D. Caching-only servers 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 18. If you want to improve name resolution for a network that is administered by people with little technical expertise, you should use which type of DNS server? A. No-zone servers B. Low-cache servers C. Caching-only servers D. No-domain servers 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 19. When looking at the DNS Server Properties dialog box, which tab allows you to specify which of the local computer’s IP addresses the DNS server should listen to for DNS requests? A. Interfaces tab B. Root Hints tab C. Forwarders tab D. Advanced tab 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 20. In the DNS Server Properties dialog box when looking at the Interfaces tab, where will the server listen for DNS requests by default? A. Only the public address B. Only the private address C. All IP addresses D. It will not listen by default 70-642 Objective 2.1: Configure a Domain Name System (DNS) server
Chapter 4
Configuring Name Resolution
65
21. In the DNS Server Properties dialog box, which tab allows you to view the data stored in the WINDOWS\System32\Dns\Cache.dns file? A. Interfaces tab B. Root Hints tab C. Forwarders tab D. Advanced tab 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 22. In the DNS Server Properties dialog box, which tab allows you to set up the local DNS server to forward DNS queries to upstream DNS servers? A. Interfaces tab B. Root Hints tab C. Forwarders tab D. Advanced tab 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 23. Which of the following is the name of a DNS server that receives unresolved queries sent by a forwarding DNS server? A. Gateway B. Downstream server C. Upstream server D. Forwarder 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 24. When does a DNS server use forwarding? A. If it is configured to use forwarding it will use it every time it receives a query B. If it is configured, it will use forwarding only if it cannot resolve a query C. By default DNS servers will forward all queries, unless configured otherwise D. DNS servers cannot forward queries 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 25. Which of the following is NOT a result of using forwarders for DNS servers? A. Optimization of name resolution performance B. More configuration C. Clients in child domains can resolve queries for names in parent domains D. Resolution of names securely 70-642 Objective 2.1: Configure a Domain Name System (DNS) server
4
66
MCTS: Windows Server 2008 70-642 Q&A
26. If your network is connected to the Internet using a slow link, which of the following should you use to improve your name resolution performance? A. Forwarders B. Upstream servers C. Downstream servers D. Gateways 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 27. Which of the following will allow you to configure your DNS servers to send all external queries to a single DNS outside of your firewall, in order to securely resolve external names? A. Upstream servers B. Downstream servers C. Forwarders D. Gateways 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 28. In order for a client in a child domain to resolve a query for a name in a parent domain, you must use which of the following? A. An upstream server B. A gateway C. Forwarding D. DHCP 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 29. Which of the following terms is used to describe a DNS server setup that allows queries for specific domains to be sent to other specific DNS servers? A. Conditional forwarding B. Specific forwarding C. Exclusion D. Recursion 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 30. In which of the following scenarios would the use of conditional forwarding be very useful? A. In all types of network setups B. When two separate networks merge into one C. Any type of domain network D. When you have secondary and stub zones 70-642 Objective 2.1: Configure a Domain Name System (DNS) server
Chapter 4
Configuring Name Resolution
67
31. You work for a company that merges with another, so a lease line is set up to connect the networks.You’re in charge of configuring the DNS servers to allow queries to the other company. What should you do? A. Configure the DNS server to use external forwarders B. Configure the DNS server to use root hints C. Configure the DNS server to use conditional forwarding D. Configure the DNS server to use cache-only servers 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 32. Which of the following CANNOT be configured in the DNS server properties dialog box? A. Conditional forwarding for a domain B. Root hints C. Interfaces D. Forwarding for local networks 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 33. To configure conditional forwarding for a domain, you should use which of the following? A. DNS Server Properties dialog box B. Dcpromo.exe C. DNS manager console tree D. Conditional forwarding is configured by default 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 34. You want to specify new root servers to replace the default ones. What should you do? A. Configure a new HOSTS file B. Replace the cache.dns file with a new one that has the new root servers C. Configure a new lmhosts file D. Set up conditional forwarding 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 35. You are in charge of a company that has two separate networks in different cities, one in Chicago and one in Newark.You want each office to be able to resolve names and browse the network of the other.You also want the users in each network to keep Internet connectivity. How should the DNS be configured? A. Configure root servers for Chicago and have the DNS servers in Newark forward queries to the servers in Chicago B. Use conditional forwarding to set up the parent DNS servers for each to send queries destined for the other to the DNS servers of the other C. Configure the DNS servers of each to use the same external forwarder D. Configure the DNS servers in each to forward queries to the other 70-642 Objective 2.1: Configure a Domain Name System (DNS) server
4
68
MCTS: Windows Server 2008 70-642 Q&A
36. Which of the following boxes would you select in order to install a DNS server?
A. Hyper-V B. DNS Server C. DHCP Server D. Active Directory Domain Services 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 37. When a field is entered in the following box, it becomes the Active Directory domain name. What other value does it set? A. Forward Lookup zone B. Reverse Lookup zone C. DNS zone name D. Conditional Forwarder
70-642 Objective 2.1: Configure a Domain Name System (DNS) server
Chapter 4
Configuring Name Resolution
69
38. Which of the following check boxes allows you to install a DNS server along with an Active Directory Domain Controller?
4
A. DNS server B. Global Catalog C. Read-Only Domain Controller D. DNS server and Global Catalog 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 39. The Export Settings button allows you to do what?
A. Create a backup for the settings to use on the same server B. Create an answer file C. Create a list of settings that you used to create this server D. Install a program to back up your installation of DNS server 70-642 Objective 2.1: Configure a Domain Name System (DNS) server
70
MCTS: Windows Server 2008 70-642 Q&A
40. What is the name of the tab shown in the following image?
A. Interfaces B. Forwarders C. Advanced D. Root Hints 70-642 Objective 2.1: Configure a Domain Name System (DNS) server 41. When you install a DNS server with a Domain Controller, a ____________ is created automatically. A. DNS zone B. Static route C. Scope D. Stub zone 70-642 Objective 2.2: Configure DNS zones 42. You are forced to create zones manually when you do which of the following? A. Install a DNS server with a Domain Controller B. Install a DNS server on a Domain Controller C. Install a DNS server with a backup Domain Controller D. You never have to manually create DNS zones 70-642 Objective 2.2: Configure DNS zones 43. What is a database containing records that link names with addresses for a declared part of a DNS namespace? A. ICMP B. IPSec policy C. DNS zone D. Scope 70-642 Objective 2.2: Configure DNS zones
Chapter 4
Configuring Name Resolution
71
44. For any part of a DNS namespace presented by a domain name, there can be how many sources of authoritative zone data? A. One B. Two C. Five D. Unlimited 70-642 Objective 2.2: Configure DNS zones 45. In order to create a new zone, you should use which of the following? A. newzone command B. New Zone wizard C. Zone /new command D. All zones are created automatically 70-642 Objective 2.2: Configure DNS zones 46. Which of the following is not a page of the New Zone wizard? A. Zone Type B. Zone Name C. Static Update D. Active Directory Zone Replication Scope 70-642 Objective 2.2: Configure DNS zones 47. This page of the New Zone wizard allows you to create a primary, secondary, or stub zone. A. Zone Type B. Zone Name C. Dynamic Update D. Active Directory Zone Replication Scope 70-642 Objective 2.2: Configure DNS zones 48. Which of the following CANNOT be created on the Zone Type page of the New Zone wizard? A. Primary zone B. Secondary zone C. Forward Lookup zone D. Stub zone 70-642 Objective 2.2: Configure DNS zones 49. If you are creating a primary or stub zone on a Domain Controller, which of the choices are available? A. Create a secondary zone B. Create a Forward Lookup zone C. Store zone data in Active Directory D. Store zone data locally on the DNS server 70-642 Objective 2.2: Configure DNS zones
4
72
MCTS: Windows Server 2008 70-642 Q&A
50. Which zone is the main type? A. Primary B. Secondary C. Stub D. Lookup 70-642 Objective 2.2: Configure DNS zones 51. This type of zone provides read-write source data that enables the local DNS server to answer DNS queries. A. Primary B. Secondary C. Stub D. Lookup 70-642 Objective 2.2: Configure DNS zones 52. A DNS server becomes a primary source for information about a zone when which of the following events occurs? A. It hosts a primary zone B. It hosts a secondary zone C. Both A and B D. It hosts a stub zone 70-642 Objective 2.2: Configure DNS zones 53. Where does a DNS server store a master copy of its zone data? (Choose two.) A. In a local file B. In Active Directory Domain Services C. Locally on the clients D. A or B 70-642 Objective 2.2: Configure DNS zones 54. By default, when a primary zone is stored locally on the DNS server, what is the name of the file? A. Zone.dns B. Primary.dns C. Zone_name.dns D. Primary_zone.dns 70-642 Objective 2.2: Configure DNS zones 55. When a copy of the zone data is stored locally on a DNS server, the default location is which of the following? A. %systemroot%\DNS folder B. %systemroot%\windows\DNS folder C. %systemroot%\system32 folder D. %systemroot%\system32\DNS folder 70-642 Objective 2.2: Configure DNS zones
Chapter 4
Configuring Name Resolution
73
56. This zone type provides a read-only copy of a primary zone or another zone of the same type. A. Secondary zone B. Stub zone C. Forward Lookup zone D. Reverse Lookup zone 70-642 Objective 2.2: Configure DNS zones 57. This zone type is used to spread DNS query traffic in heavily used parts of the network. A. Stub zone B. Secondary zone C. Forward Lookup zone D. Primary zone 70-642 Objective 2.2: Configure DNS zones 58. If the server hosting the primary zone goes down, the server hosting which zone will take over providing name resolution? A. Stub zone B. Forward Lookup zone C. Secondary zone D. Primary zone 70-642 Objective 2.2: Configure DNS zones 59. This term is used to describe the source of data for a secondary zone. A. Owner B. Primary C. Master D. Transfer 70-642 Objective 2.2: Configure DNS zones 60. When data is copied from a master to a secondary zone it is called what? A. Master transfer B. Zone transfer C. Primary transfer D. Zone update 70-642 Objective 2.2: Configure DNS zones 61. A master can be which of the following? A. Primary zone B. Secondary zone C. Stub zone D. A and B 70-642 Objective 2.2: Configure DNS zones
4
74
MCTS: Windows Server 2008 70-642 Q&A
62. To set a master of a secondary zone when you create it using the New Zone wizard, you must do which of the following? A. Set the master to view the secondary zone as a slave B. Set the master when creating the secondary zone C. Either A or B D. You cannot set the master from the New Zone wizard 70-642 Objective 2.2: Configure DNS zones 63. Which of the following is NOT true about secondary zones? A. They are a read-only B. They can be stored in AD DS C. They get their data from masters D. The process to update their data is called zone transfers 70-642 Objective 2.2: Configure DNS zones 64. This zone type only contains resource records necessary to ID the DNS servers for the master zone. A. Stub zone B. Forward Lookup zone C. Secondary zone D. Primary zone 70-642 Objective 2.2: Configure DNS zones 65. This zone type is often used to let a parent zone like dtilearning.com keep an up-to-date list of the name servers available in a delegated child zone, like north.dtilearning.com. A. Forward Lookup zone B. Stub zone C. Secondary zone D. Primary zone 70-642 Objective 2.2: Configure DNS zones 66. This zone type can be used to simplify DNS administration and improve name resolution. A. Forward Lookup zone B. Secondary zone C. Primary zone D. Stub zone 70-642 Objective 2.2: Configure DNS zones 67. When you create a new primary or stub zone, you are also prompted to do which of the following? A. Store the zone locally B. Store the zone in Active Directory C. Create a secondary zone D. Store the zone on the DNS server 70-642 Objective 2.2: Configure DNS zones
Chapter 4
Configuring Name Resolution
75
68. The option to store zone data in Active Directory gives you which of the following benefits? A. Allows you to create a secondary zone B. Allows you to set up a secondary server C. Eliminates the need for a secondary server D. Eliminates the need for a secondary zone 70-642 Objective 2.2: Configure DNS zones 69. If you integrate a DNS zone with Active Directory, you do not need to set up a method for DNS zone transfers between primary and secondary servers. Why? A. Active Directory does the zone replication for you B. There is no need for primary servers in Active Directory C. There is no need for secondary servers in Active Directory D. All of these are correct 70-642 Objective 2.2: Configure DNS zones 70. An effect of using Active Directory with your DNS server is which of the following? A. Cannot replicate or update single properties of resource records B. Forces you to use a secondary server for zone transfers C. Allows single properties of resource records to be replicated and updated D. None of these is correct 70-642 Objective 2.2: Configure DNS zones 71. When using Active Directory integrated zones, you also get the optional benefit of what? A. Unrestricted dynamic updates B. Security for dynamic updates C. Faster name resolution D. Zone backups 70-642 Objective 2.2: Configure DNS zones 72. For regular Domain Controllers, the copy of a zone is of which type? A. Read-only B. Write-only C. Read-write D. None of the above 70-642 Objective 2.2: Configure DNS zones 73. For read-only Domain Controllers the copy of the zone is in which format? A. Read-only B. Write-only C. Read-write D. None of the above 70-642 Objective 2.2: Configure DNS zones
4
76
MCTS: Windows Server 2008 70-642 Q&A
74. If you clear the “Store the Zone in Active Directory” check box during the New Zone wizard, you create which type of zone? A. Default zone B. Standard zone C. Normal zone D. Local zone 70-642 Objective 2.2: Configure DNS zones 75. When you are creating a zone on a non-Domain Controller, this is your only option for a new zone. A. Normal zone B. Default zone C. Standard zone D. Local zone 70-642 Objective 2.2: Configure DNS zones 76. A standard zone stores its data in which of the following? A. Active Directory B. DNS clients C. Secondary server D. Local DNS server 70-642 Objective 2.2: Configure DNS zones 77. All primary copies of a standard zone are in which format? A. Read-only B. Write-only C. Read-write D. None of the above 70-642 Objective 2.2: Configure DNS zones 78. All secondary copies of a standard zone are in which format? A. Read-only B. Write-only C. Read-write D. None of the above 70-642 Objective 2.2: Configure DNS zones 79. In a standard zone model, if the primary zone becomes deactivated, what will happen? A. You can still make changes to the zone, but queries for names will fail B. You cannot make changes to the zone, but queries for names will succeed C. You cannot make changes to the zone and queries for names will fail D. You can still make changes to the zone, and queries for names will succeed 70-642 Objective 2.2: Configure DNS zones
Chapter 4
Configuring Name Resolution
77
80. The following page appears when you select which option on the Zone Type page of the New Zone wizard?
4
A. Primary zone B. Secondary zone C. Stub zone D. Store zone in Active Directory 70-642 Objective 2.2: Configure DNS zones 81. On the Active Directory Zone Replication Scope page, which option allows you to store the zone in all DNS servers that are also Domain Controllers in the entire Active Directory? A. To all DNS servers in this forest B. To all DNS servers in this domain C. To all Domain Controllers in this domain D. To all Domain Controllers specified in the scope of this directory partition 70-642 Objective 2.2: Configure DNS zones 82. On the Active Directory Zone Replication Scope page, which option allows you to store the zone in all DNS servers that are also Domain Controllers in the local Active Directory domain? A. To all DNS servers in this forest B. To all DNS servers in this domain C. To all Domain Controllers in this domain D. To all Domain Controllers specified in the scope of this directory partition 70-642 Objective 2.2: Configure DNS zones
78
MCTS: Windows Server 2008 70-642 Q&A
83. On the Active Directory Zone Replication Scope page, which option allows you to store the zone in all Domain Controllers in the local domain for compatibility with Windows 2000? A. To all DNS servers in this forest B. To all DNS servers in this domain C. To all Domain Controllers in this domain D. To all Domain Controllers specified in the scope of this directory partition 70-642 Objective 2.2: Configure DNS zones 84. On the Active Directory Zone Replication Scope page, which option allows you to store the zone in all Domain Controllers in a specific scope of a custom Active Directory partition? A. To all DNS servers in this forest B. To all DNS servers in this domain C. To all Domain Controllers in this domain D. To all Domain Controllers specified in the scope of this directory partition 70-642 Objective 2.2: Configure DNS zones 85. In this type of zone, the DNS server maps a fully qualified domain name (FQDN) to IP addresses. A. Forward Lookup zone B. Reverse Lookup zone C. Standard zone D. Active Directory-integrated zone 70-642 Objective 2.2: Configure DNS zones 86. In this type of zone, DNS servers map IP addresses to fully qualified domain names (FQDNs). A. Forward Lookup zone B. Reverse Lookup zone C. Standard zone D. Active Directory-integrated zone 70-642 Objective 2.2: Configure DNS zones 87. This type of zone answers queries to resolve fully qualified domain names (FQDNs) to IP addresses. A. Forward Lookup zone B. Reverse Lookup zone C. Standard zone D. Active Directory-integrated zone 70-642 Objective 2.2: Configure DNS zones 88. This type of zone answers queries to resolve IP addresses to fully qualified domain names (FQDNs). A. Forward Lookup zone B. Reverse Lookup zone C. Standard zone D. Active Directory-integrated zone 70-642 Objective 2.2: Configure DNS zones
Chapter 4
Configuring Name Resolution
79
89. Which type of zone takes the DNS domain name for which you want to provide resolution? A. Reverse Lookup zone B. Primary zone C. Secondary zone D. Forward Lookup zone 70-642 Objective 2.2: Configure DNS zones 90. Which zone type is named using a formula that takes the first three octets of the address space for which you want to provide name resolution, reverses them, and then adds an ending tag of in-addr.arpa? A. Reverse Lookup zone B. Primary zone C. Secondary zone D. Forward Lookup zone 70-642 Objective 2.2: Configure DNS zones 91. Inside a Forward Lookup zone, an entry that maps a host name to an address is known as which of the following? A. Host B. Pointer C. PTR record D. B record 70-642 Objective 2.3: Configure DNS records 92. Inside a Reverse Lookup zone, an entry that maps an address host ID to a host name is called which of the following? A. Host B. Pointer C. A record D. B record 70-642 Objective 2.3: Configure DNS records 93. You work at an organization that has two Active Directory domains named dtilearning.com and north.dtilearning.com. What should the two zones providing name resolution for those Active Directory domains be called? A. Both called dtilearning.com B. Both called north.dtilearning.com C. One called dtilearning.com and one called north.dtilearning.com D. The names do not matter 70-642 Objective 2.2: Configure DNS zones
4
80
MCTS: Windows Server 2008 70-642 Q&A
94. Using default settings, DNS clients with ____________ IP addresses attempt to update host and pointer records. A. Static B. Dynamic C. DHCP D. Workgroup 70-642 Objective 2.3: Configure DNS records 95. DNS clients that are also DHCP clients attempt to update which records? A. Host B. Pointer C. Both host and pointer D. None 70-642 Objective 2.3: Configure DNS records 96. When in a workgroup environment, the DHCP server updates which record when the IP configuration is renewed? A. Host B. Pointer C. Both host and pointer D. None 70-642 Objective 2.3: Configure DNS records 97. In order for dynamic DNS updates to work, the zone that the clients are attempting to use must ____________. A. Be configured for records B. Be configured to accept non-secure updates C. Be configured to accept dynamic updates D. Be configured to accept only secure updates 70-642 Objective 2.3: Configure DNS records 98. Which of the following are types of dynamic updates? A. Secure updates B. Insecure updates C. Non-secure updates D. Authenticated updates E. Non-authenticated updates 70-642 Objective 2.3: Configure DNS records
Chapter 4
Configuring Name Resolution
81
99. This type of dynamic update allows registrations from only Active Directory domain members and updates only from the computer that performed the registration. A. Authenticated update B. Secure update C. Registered update D. Non-secure update 70-642 Objective 2.3: Configure DNS records 100. This type of dynamic update allows updates from any computer. A. Non-authenticated update B. Non-registered update C. Non-secure update D. Secure update 70-642 Objective 2.3: Configure DNS records 101. The Dynamic Update page of the New Zone wizard allows you to specify all of the following EXCEPT which? A. Allow only secure updates B. Allow only non-secure updates C. Allow both secure and non-secure updates D. Don’t allow dynamic updates 70-642 Objective 2.3: Configure DNS records 102. Which of the following commands forces the DNS client to perform a dynamic update? A. ipconfig /update B. ipconfig /dns C. ipconfig /registerdns D. ipconfig /dynamic 70-642 Objective 2.3: Configure DNS records 103. What does a server require if you want to store a zone in Active Directory? A. The server needs to be a DNS server B. The server needs to be a DHCP server C. The server needs to be a WINS server D. The server needs to be a Domain Controller 70-642 Objective 2.2: Configure DNS zones 104. When you create a new zone, which record(s) is/are created automatically? A. Start of Authority (SOA) record B. Name Server (NS) record C. Both SOA and NS records D. No records are created automatically 70-642 Objective 2.3: Configure DNS records
4
82
MCTS: Windows Server 2008 70-642 Q&A
105. This type of record shows basic properties for the zone. A. Name Server (NS) B. Start of Authority (SOA) C. Mail Exchanger (MX) D. Alias (CNAME) 70-642 Objective 2.3: Configure DNS records 106. Which type of zone has the name of the server authoritative for the zone? A. Start of Authority (SOA) B. Mail Exchanger (MX) C. Alias (CNAME) D. Name Server (NS) 70-642 Objective 2.3: Configure DNS records 107. When a zone is loaded on a DNS server, which record is used to find the basic and authoritative properties of the zone? A. Mail Exchanger (MX) B. Start of Authority (SOA) C. Alias (CNAME) D. Name Server (NS) 70-642 Objective 2.3: Configure DNS records 108. What information is displayed in the Serial Number text box of the Start of Authority (SOA) tab? A. Revision number B. Full computer name of the primary DNS server in the zone C. A domain mailbox for a zone administrator D. Time before a zone renewal 70-642 Objective 2.3: Configure DNS records 109. When a zone is configured to have one or more secondary servers, what is it called when a secondary server queries the master server for the serial number of the zone? A. NS query B. SOA query C. Master query D. SN query 70-642 Objective 2.3: Configure DNS records 110. If after a SOA query, the serial number of the master zone is equal to that of the secondary server, what happens to the transfer? A. The transfer is made B. The transfer is not made C. The transfer is made only if that is the only secondary server D. It depends on how the master server is configured 70-642 Objective 2.3: Configure DNS records
Chapter 4
Configuring Name Resolution
83
111. If after an SOA query, the serial number of the master zone is greater than the serial number of the secondary server, what happens to the transfer? A. The transfer is made B. The transfer is not made C. The transfer is made only if that is the only secondary server D. It depends on how the master server is configured 70-642 Objective 2.3: Configure DNS records 112. In the Start of Authority (SOA) tab, after the Serial Number text box is a box labeled Increment. What does the Increment box do? A. Raises the serial number B. Lowers the serial number C. Forces a zone transfer D. Cancels the next zone transfer 70-642 Objective 2.3: Configure DNS records 113. What information is displayed in the Primary Server text box of the Start Of Authority (SOA) tab? A. Revision number B. Full computer name of the primary DNS server in the zone C. A domain mailbox for a zone administrator D. Time before a zone renewal 70-642 Objective 2.3: Configure DNS records 114. What information is displayed in the Responsible Person text box of the Start of Authority (SOA) tab? A. Revision number B. Full computer name of the primary DNS server in the zone C. A domain mailbox for a zone administrator D. Time before a zone renewal 70-642 Objective 2.3: Configure DNS records 115. What is the default name used in the Responsible Person text box of the Start of Authority (SOA) tab? A. Master B. Administrator C. Host master D. Rp 70-642 Objective 2.3: Configure DNS records
4
84
MCTS: Windows Server 2008 70-642 Q&A
116. The value placed in the Refresh Interval field of the Start of Authority (SOA) tab means which of the following? A. Revision number B. Length of time a secondary server will continue to answer queries without contact from its master server C. Time between zone renewal attempts D. Time before a zone renewal 70-642 Objective 2.3: Configure DNS records 117. The default value for the Refresh Interval field of the Start of Authority (SOA) tab is which of the following? A. 1 minute B. 15 minutes C. 1 hour D. 1 day 70-642 Objective 2.3: Configure DNS records 118. Increasing the Refresh Interval field of the Start of Authority (SOA) tab causes which of the following? A. Increased zone transfer traffic B. Decreased zone transfer traffic C. Increased retry interval D. None of the above 70-642 Objective 2.3: Configure DNS records 119. The value placed in the Retry Interval box of the Start of Authority (SOA) box determines which of the following? A. Revision number B. Length of time a secondary server will continue to answer queries without contact from its master server C. Time between zone renewal attempts D. Time before a zone renewal 70-642 Objective 2.3: Configure DNS records 120. The value configured in the Expires After field of the Start of Authority (SOA) tab determines which of the following? A. Revision number B. Length of time a secondary server will continue to answer queries without contact from its master server C. Time between zone renewal attempts D. Time before a zone renewal 70-642 Objective 2.3: Configure DNS records
Chapter 4
Configuring Name Resolution
85
121. The default value for the Expires After field of the Start of Authority (SOA) tab is which of the following? A. 1 minute B. 15 minutes C. 1 hour D. 1 day 70-642 Objective 2.3: Configure DNS records 122. The value configured for the Minimum (default) TTL box of the Start of Authority (SOA) tab determines which of the following? A. Default time to live B. Default retry interval C. Default expiration time D. Default refresh interval 70-642 Objective 2.3: Configure DNS records 123. The default value for the Minimum (default) TTL box of the Start of Authority (SOA) tab is which of the following? A. 1 minute B. 15 minutes C. 1 hour D. 1 day 70-642 Objective 2.3: Configure DNS records 124. This type of record specifies the authoritative server for a given zone. A. Start of Authority (SOA) server B. Name Server (NS) C. Mail Exchange (MX) D. Alias (CNAME) 70-642 Objective 2.3: Configure DNS records 125. On a Windows Server 2008 server hosting a primary zone, how is the name server record created? A. Automatically B. Manually C. Specified when creating the zone D. None of the above 70-642 Objective 2.3: Configure DNS records
4
86
MCTS: Windows Server 2008 70-642 Q&A
126. On a Windows Server 2008 server hosting a secondary zone, how is the name server record created? A. Automatically B. Manually C. Specified when creating the zone D. None of the above 70-642 Objective 2.3: Configure DNS records 127. The most common types of records that you need to create manually do NOT include which of the following? A. Host (A or AAAA) B. Mail Exchanger (MX) C. Pointer (PTR) D. Start of Authority (SOA) 70-642 Objective 2.3: Configure DNS records 128. Which of the following is a record that must be created manually? A. Mail Exchanger (MX) B. Start of Authority (SOA) C. Name Server (NS) D. Host (A or AAAA) 70-642 Objective 2.3: Configure DNS records 129. This type of record makes up the majority of resource records in a zone database. A. Host B. Alias C. Pointer D. Service location 70-642 Objective 2.3: Configure DNS records 130. Which type of record is used to tie names to IP addresses? A. Alias B. Pointer C. Host D. Name Server 70-642 Objective 2.3: Configure DNS records 131. You are having trouble with one of the computers on your network. You are able to ping other computers using an IP address but not by name.Which of the following would fix this problem? A. Create a new alias resource record B. Create a new pointer resource record C. Create a new Mail Exchanger resource record D. Create a new host resource record 70-642 Objective 2.3: Configure DNS records
Chapter 4
Configuring Name Resolution
87
132. If you are trying to fix a problem caused by a missing host record to a client computer that is using Windows 2000 or later, which of the following commands can you use? A. ipconfig /newhost B. ipconfig /registerdns C. ipconfig /host D. ipconfig /registerhost 70-642 Objective 2.3: Configure DNS records 133. This type of record is also known as the canonical name. A. Host B. Pointer C. Alias D. Mail Exchanger 70-642 Objective 2.3: Configure DNS records 134. Which type of record allows you to use multiple names for the same host? A. Host B. Alias C. Pointer D. Mail Exchanger 70-642 Objective 2.3: Configure DNS records 135. Often-used server names such as ftp or www are normally registered using which type of resource record? A. Alias B. Host C. Pointer D. Mail Exchanger 70-642 Objective 2.3: Configure DNS records 136. If a host tied to an A resource record located in the same zone needs to change names, which type of resource record would you use? A. Pointer B. Mail Exchanger C. Alias D. Service location 70-642 Objective 2.3: Configure DNS records 137. This type of record is used by email applications to find a mail server inside of a zone. A. Host B. Alias C. Mail Exchanger D. Service location 70-642 Objective 2.3: Configure DNS records
4
88
MCTS: Windows Server 2008 70-642 Q&A
138. Which type of record would allow a domain name such as dtilearning.com, inside of an email address such as
[email protected], to be mapped to a host record for the computer hosting the mail server in the zone? A. Mail Exchanger B. Host C. Alias D. Service location 70-642 Objective 2.3: Configure DNS records 139. If no specific mail server is specified in an email address, which record is used to find the mail server? A. Service location B. Host C. Alias D. Mail Exchanger 70-642 Objective 2.3: Configure DNS records 140. Located inside the dtilearing.com.dns zone file are the following lines.Which type of resource record does this show? @ @ @
MX MX MX
1 10 20
mailserv1.dtilearning.com mailserv2.dtilearning.com mailserv3.dtilearning.com
A. Host B. Alias C. Mail Exchanger D. Pointer 70-642 Objective 2.3: Configure DNS records 141. In the following example of a portion of the dtilearing.com.dns zone file, which of the mail servers would be given the highest preference? @ @ @ @
MX MX MX MX
1 10 20 30
mailserv1.dtilearning.com mailserv2.dtilearning.com mailserv3.dtilearning.com mailserv4.dtilearning.com
A. Mailserv1 B. Mailserv2 C. Mailserv3 D. Mailserv4 70-642 Objective 2.3: Configure DNS records
Chapter 4
Configuring Name Resolution
89
142. Which type of resource record is used in Reverse Lookup zones to only support reverse lookups? A. Host B. Alias C. Pointer D. Mail Exchanger 70-642 Objective 2.3: Configure DNS records 143. The following example from a zone file is which type of resource record? 10
PTR
server1.dtilearning.com
A. Host B. Alias C. Pointer D. Service location 70-642 Objective 2.3: Configure DNS records 144. This type of resource record is used to find the location of certain services on the domain. A. Host B. Pointer C. Service location D. Alias 70-642 Objective 2.3: Configure DNS records 145. If a computer wants to find a Domain Controller in the dtilearning.com domain, which of the following is the correct SRV query? A. _ldap._tcp.dtilearning.com B. _ldap.dtilearning.com C. _tcp.dtilearing.com D. _ldap._tcp.SRV.dtilearning.com 70-642 Objective 2.3: Configure DNS records 146. The following is an example of which type of record that was created manually? _ldap._tcp
SRV SRV
0 0 389 10 0 389
dc1.dtilearning.com dc2.dtilearning.com
A. Host B. Alias C. Pointer D. Service location 70-642 Objective 2.3: Configure DNS records
4
90
MCTS: Windows Server 2008 70-642 Q&A
147. When you specify a WINS server in the WINS tab in the properties of a Forward Lookup zone, which type of resource record is created? A. Pointer B. WINS C. WINS-R D. Service location 70-642 Objective 2.3: Configure DNS records 148. When you specify a WINS server in the WINS tab in the properties of a Reverse Lookup zone, which type of resource record is created? A. WINS B. WINS-R C. Pointer D. Host 70-642 Objective 2.3: Configure DNS records 149. What term is used to describe the process of using timestamps to track the age of dynamically registered resource records? A. Scavenging B. Timestamping C. Aging D. Tracking 70-642 Objective 2.3: Configure DNS records 150. Which term is used to describe the process of deleting old resource records in which timestamps have been placed? A. Scavenging B. Aging C. Tracking D. Timestamping 70-642 Objective 2.3: Configure DNS records 151. ____________ can be used only when ____________ is enabled. A. Aging/scavenging B. Scavenging/aging C. Tracking/timestamping D. Timestamping/tracking 70-642 Objective 2.3: Configure DNS records 152. To enable aging for a certain zone, it must be enabled at which of the following levels? A. Server B. Zone C. Local D. Server and Zone 70-642 Objective 2.3: Configure DNS records
Chapter 4
Configuring Name Resolution
91
153. When a resource record is created manually, what is the default timestamp assigned to the record? A. 0 B. 10 C. 50 D. 99 70-642 Objective 2.3: Configure DNS records 154. What is the name of the period after a timestamp whereby a zone or server will not accept a timestamp refresh? A. No-refresh interval B. Refresh interval C. No-accept interval D. Reject interval 70-642 Objective 2.3: Configure DNS records 155. This feature prevents the server from loading unnecessary refreshes and reduces unneeded zone traffic. A. Refresh interval B. Reject interval C. No-refresh interval D. Loading interval 70-642 Objective 2.3: Configure DNS records 156. The default no-refresh interval is which of the following? A. 1 day B. 7 days C. 14 days D. 1 month 70-642 Objective 2.3: Configure DNS records 157. This is the period after the no-refresh interval in which timestamps refreshes are accepted. A. Refresh interval B. Renew interval C. Scavenge interval D. Fresh interval 70-642 Objective 2.3: Configure DNS records 158. Records can be scavenged only after which interval(s) expire? A. No-refresh B. Refresh C. No-refresh and refresh D. Records can be scavenged at any time 70-642 Objective 2.3: Configure DNS records
4
92
MCTS: Windows Server 2008 70-642 Q&A
159. The default setting for the refresh interval is which of the following? A. 1 day B. 7 days C. 14 days D. 1 month 70-642 Objective 2.3: Configure DNS records 160. The refresh interval should be ____________ the no-refresh interval. A. Less than B. Less than or equal to C. Greater than D. Greater than or equal to 70-642 Objective 2.3: Configure DNS records 161. This type of zone will give you access to selected resources through single-label names without using WINS. A. Standard B. Active Directory-integrated C. GlobalNames D. Global 70-642 Objective 2.2: Configure DNS zones 162. The three basic steps to setting up a GlobalNames zone are the following EXECPT for which? A. Enable GlobalNames zone support B. Create a Reverse Lookup zone called GlobalNames C. Create a Forward Lookup zone called GlobalNames D. Add alias resource records to the zone 70-642 Objective 2.2: Configure DNS zones 163. Which of the following is the correct command you must use on every DNS in which the GlobalNames zone will be created? A. dnscmd . /config /enableglobalnamessupport 1 B. /enableglobalnamessupport 1 C. /config /enableglobalnamessupport 1 D. dnscmd /enableglobalnamessupport 1 70-642 Objective 2.2: Configure DNS zones 164. When creating a GlobalNames zone, which type of zone do you have to create? A. A Reverse Lookup zone renamed GlobalNames B. A Forward Lookup zone renamed GlobalNames C. A standard zone renamed GlobalNames D. A Global zone 70-642 Objective 2.2: Configure DNS zones
Chapter 4
Configuring Name Resolution
93
165. Which type of record do you need to add to the GlobalNames zone to provide single-label name resolution? A. Host B. Pointer C. Service location D. Alias 70-642 Objective 2.2: Configure DNS zones 166. Active Directory-integrated zones can be installed on which type of server? A. On any DNS server B. Only on Domain Controllers C. On Domain Controllers with a DNS server role D. On any type of server 70-642 Objective 2.4: Configure DNS replication 167. Which of the following is NOT a reason that Active Directory-integrated zones are preferable to standard zones? A. Multimaster data replication B. Simpler configuration C. Improved security D. No need for a domain 70-642 Objective 2.4: Configure DNS replication 168. This term is used to describe the data structure in Active Directory that separates data for replication purposes. A. Break B. Partition C. Application D. Directory 70-642 Objective 2.4: Configure DNS replication 169. Which of the following are the two default application directory partitions? A. LocalDNSZones B. ForestDNSZones C. ClientDNSZones D. DomainDNSZones E. ServerDNSZones 70-642 Objective 2.4: Configure DNS replication
4
94
MCTS: Windows Server 2008 70-642 Q&A
170. By default when creating a new application directory partition, where does the partition exist? A. Only on the server in which it was created B. On all servers in Active Directory C. On all clients D. None of the above 70-642 Objective 2.4: Configure DNS replication 171. The Active Directory Zone Replication Scope page gives you four options in which to store the zone. Which option stores the new zone in the ForestDNSZones partition? A. To All DNS Servers In This Forest B. To All DNS Servers In This Domain C. To All Domain Controllers In This Domain D. To All Domain Controllers Specified In The Scope Of This Directory Partition 70-642 Objective 2.4: Configure DNS replication 172. The Active Directory Zone Replication Scope page gives you four options in which to store the zone. Which option stores the new zone in the DomainDNSZones partition? A. To All DNS Servers In This Forest B. To All DNS Servers In This Domain C. To All Domain Controllers In This Domain D. To All Domain Controllers Specified In The Scope Of This Directory Partition 70-642 Objective 2.4: Configure DNS replication 173. The Active Directory Zone Replication Scope page gives you four options in which to store the zone. Which option stores the zone in the domain partition? A. To All DNS Servers In This Forest B. To All DNS Servers In This Domain C. To All Domain Controllers In This Domain D. To All Domain Controllers Specified In The Scope Of This Directory Partition 70-642 Objective 2.4: Configure DNS replication 174. The Active Directory Zone Replication Scope page gives you four options in which to store the zone.Which option stores the zone in the user-created application directory partition that is specified in the drop-down list box? A. To All DNS Servers In This Forest B. To All DNS Servers In This Domain C. To All Domain Controllers In This Domain D. To All Domain Controllers Specified In The Scope Of This Directory Partition 70-642 Objective 2.4: Configure DNS replication
Chapter 4
Configuring Name Resolution
95
175. In the following image, which option would you select in order to change the replication scope for the zone?
4
A. Pause B. Type: Change C. Replication: Change D. Aging 70-642 Objective 2.4: Configure DNS replication 176. Which of the following commands would create a custom application directory partition? A. dnscmd servername /createdirectorypartition FQDN B. dnscmd servername /enlistdirectorypartition FQDN C. dnscmd /createdirectorypartition FQDN D. /createpartition FQDN 70-642 Objective 2.4: Configure DNS replication 177. To add DNS servers to a created custom application directory partition, you would use which of the following commands? A. dnscmd servername /createdirectorypartition FQDN B. dnscmd servername /enlistdirectorypartition FQDN C. dnscmd /enlistorypartition FQDN D. /enlisttion FQDN 70-642 Objective 2.4: Configure DNS replication 178. Which of the following is the proper use of the command to add application directory partitions if the partition is to be names DNSpart1 on a computer named serv1 in the Active Directory domain dtilearning.com? A. dnscmd serv1 /createpartition DNSpart1.dtilearning.com B. dnscmd serv1 /createdirectorypartition DNSpart1.dtilearning.com C. dnscmd serv1 /createapplicationdirectorypartition DNSpart1.dtilearning.com D. dnscmd serv1 /create DNSpart1.dtilearning.com 70-642 Objective 2.4: Configure DNS replication
96
MCTS: Windows Server 2008 70-642 Q&A
179. If you want to add a computer named serv2 to the application directory partition, which command would you use? The partition is called DNSpart1 and the domain is dtilearning.com. A. dnscmd /enlist serv2 DNSpart1.dtilearning.com B. dnscmd serv2 /enlist DNSpart1.dtilearning.com C. dnscmd serv2 /enlistdirectorypartition DNSpart1.dtilearning.com D. dnscmd /enlistdirectorypartition serv2 DNSpart1.dtilearning.com 70-642 Objective 2.4: Configure DNS replication 180. Assuming all of your DNS servers are also Domain Controllers, you would want to use which of the following to keep zone data the same among the DNS servers? A. Active Directory-integrated zones B. Active Directory replication C. Zone transfers D. Zone copies 70-642 Objective 2.4: Configure DNS replication 181. This term is used to describe when a secondary zone pulls a copy of the zone data from a master zone. A. Active Directory replication B. Zone copy C. Zone transfer D. Active Directory copy 70-642 Objective 2.4: Configure DNS replication 182. The master of a secondary zone can be which of the following? A. Primary zone B. Secondary zone C. Active Directory-integrated primary zone D. All of the above 70-642 Objective 2.4: Configure DNS replication 183. If your DNS server is not a Domain Controller also, where must the zone data be stored? A. Active Directory B. Local text file on the DNS server C. Local text file on the clients D. Local text file on the Domain Controller 70-642 Objective 2.4: Configure DNS replication 184. Which of the following events will NOT trigger a zone transfer? A. When the refresh interval of the primary zone’s SOA resource record expires B. When a server hosting a secondary server starts C. When a server hosting a primary server starts D. When a change occurs in the setup of the primary zone and this zone is configured to send updates when it is modified 70-642 Objective 2.4: Configure DNS replication
Chapter 4
Configuring Name Resolution
97
185. Match the following terms with their correct definition in the table. A. Secondary zone B. Zone transfer C. Primary zone D. Stub zone Zone copies that occur between a master and a secondary zone in order to keep zone data up to date. A read-write copy that is the original source for zone data for a part of a DNS namespace. A standard zone stored in a text file in read-only format. A zone that consists of a list of servers authoritative for names in a DNS domain. 70-642 Objective 2.4: Configure DNS replication 186. Match the following sub-options from the Zone Transfers tab of the Zone Properties dialog box by writing the letter in the correct cell. A. Allows you to give a list of secondary servers that will allow zone transfers. B. Allows anyone with network access to the DNS server to have complete access to the contents of the zone. C. Allows zone transfers only to secondary DNS servers that have a Name Server record in the zone. To any server Only to servers listed on the Name Servers tab Only to the following servers 70-642 Objective 2.4: Configure DNS replication 187. Which option of the Zone transfers tab of the Zone Properties dialog box is the least secure? A. To any server B. Only to servers listed on the Name Servers tab C. Only to the following servers D. The same level of security is available on all these options 70-642 Objective 2.4: Configure DNS replication 188. Which type of zone contains only the basic records in the master zone? A. Standard zone B. Secondary zone C. Stub zone D. Small zone 70-642 Objective 2.4: Configure DNS replication
4
98
MCTS: Windows Server 2008 70-642 Q&A
189. Which of the following is the command to open the System Properties dialog box? A. sysdm.cpl B. sysprop.cpl C. prop.cpl D. dm.cpl 70-642 Objective 2.5: Configure name resolution for client computers 190. Which of the following commands will output the computer’s host name? A. host B. hname C. hostname D. name 70-642 Objective 2.5: Configure name resolution for client computers 191. Match the parts of the full computer name pc1.dtilearning.com to their type by writing the letter in the correct cell. A. Hostname B. Primary DNS suffix pc1 dtilearning.com 70-642 Objective 2.5: Configure name resolution for client computers 192. This type of suffix is used with a certain network connection. A. Network-specific suffix B. Connection-specific suffix C. Interface-specific suffix D. Network connection suffix 70-642 Objective 2.5: Configure name resolution for client computers 193. Which of the following options is used to assign the connection-specific suffix? A. 003 Router B. 006 DNS Servers C. 015 DNS Domain Name D. 044 WINS/NBNS Servers 70-642 Objective 2.5: Configure name resolution for client computers
Chapter 4
Configuring Name Resolution
99
194. When a DNS domain suffix search is run, what is the correct order that the DNS client uses if the query fails? A. Use a connection-specific suffix assigned to a network adapter B. Use the parent suffix of the primary DNS suffix C. Use the primary DNS suffix of the local computer Step 1 Step 2 Step 3 70-642 Objective 2.5: Configure name resolution for client computers 195. You are on a computer with a full name of bob_pc.north.dtilearning.com, and you have the following connection-specific suffixes: sub1.north.dtilearning.com and sub2.north.dtilearning.com. On this computer you run a search for a computer named Mark_pc. Which of the following describes the first name that the DNS client will attempt to use as the full DNS name? A. Mark_pc.dtilearning.com B. Mark_pc.sub1.north.dtilearning.com C. Mark_pc.sub2.north.dtilearning.com D. Mark_pc.north.dtilearning.com 70-642 Objective 2.5: Configure name resolution for client computers 196. You are on a computer with a full name of bob_pc.north.dtilearning.com, and you have the following connection-specific suffixes: sub1.north.dtilearning.com and sub2.north.dtilearning.com. On this computer you run a search for a computer named Mark_pc. Which of the following describes the second name that the DNS client will attempt to use as the full DNS name if the first choice fails? A. Mark_pc.dtilearning.com B. Mark_pc.sub1.north.dtilearning.com C. Mark_pc.sub2.north.dtilearning.com D. Both B and C 70-642 Objective 2.5: Configure name resolution for client computers 197. You are on a computer with a full name of bob_pc.north.dtilearning.com, and you have the following connection-specific suffixes: sub1.north.dtilearning.com and sub2.north.dtilearning.com. On this computer you run a search for a computer named Mark_pc.Which of the following describes the LAST name that the DNS client will attempt to use as the full DNS name? A. Mark_pc.dtilearning.com B. Mark_pc.sub1.north.dtilearning.com C. Mark_pc.sub2.north.dtilearning.com D. Mark_pc.north.dtilearning.com 70-642 Objective 2.5: Configure name resolution for client computers
4
100
MCTS: Windows Server 2008 70-642 Q&A
198. When a server running Windows Server 2008 is configured with the appropriate settings, it can accept the dynamic registration and updates of the following EXCEPT which? A. A B. AAAA C. MX D. PTR 70-642 Objective 2.5: Configure name resolution for client computers 199. This type of record is a Forward Lookup zone that returns an address when queried using a name. A. Host B. Pointer C. Mail Exchanger D. Service location 70-642 Objective 2.5: Configure name resolution for client computers 200. In order to attempt a computer to force a registration in DNS, you would use which of the following commands? A. ipconfig /renew B. ipconfig /registerdns C. ipconfig /displaydns D. ipconfig /flushdns 70-642 Objective 2.5: Configure name resolution for client computers 201. To force an update of pointer records in a DHCP environment, which of the following commands should be used? A. ipconfig /renew B. ipconfig /registerdns C. ipconfig /displaydns D. ipconfig /flushdns 70-642 Objective 2.5: Configure name resolution for client computers 202. DNS clients check the ____________ before they try to query a DNS server. A. DNS local host B. DNS resolver cache C. DHCP host cache D. DHCP resolver cache 70-642 Objective 2.5: Configure name resolution for client computers 203. In order to display the DNS client cache, you would use which of the following commands? A. ipconfig /renew B. ipconfig /registerdns C. ipconfig /displaydns D. ipconfig /flushdns 70-642 Objective 2.5: Configure name resolution for client computers
Chapter 4
Configuring Name Resolution
101
204. Which of the following commands would be used to clear a DNS client cache? A. ipconfig /renew B. ipconfig /registerdns C. ipconfig /displaydns D. ipconfig /flushdns 70-642 Objective 2.5: Configure name resolution for client computers 205. If you recently fixed a DNS problem on your network, but one of the computers is still receiving errors, which of the following commands should you use to help resolve this problem? A. ipconfig /renew B. ipconfig /displaydns C. ipconfig /flushdns D. ipconfig /registerdns 70-642 Objective 2.5: Configure name resolution for client computers 206. Match the following commands with their uses. A. ipconfig /flushdns B. ipconfig /displaydns C. ipconfig /registerdns D. ipconfig /renew Display the DNS client cache Clear the DNS client cache Force a client to attempt dynamic registration of its records Force an update of pointer records on a DHCP client 70-642 Objective 2.5: Configure name resolution for client computers 207. DNS clients will NEVER attempt to register which type of IPv4 addresses? A. Private B. Link-local C. Public D. APIPA 70-642 Objective 2.5: Configure name resolution for client computers 208. DNS clients will never attempt to register which type of IPv6 address? A. Link-local B. Global C. Unique local D. APIPA 70-642 Objective 2.5: Configure name resolution for client computers
4
This page intentionally left blank
CHAPTER
5
CONFIGURING NETWORK ACCESS T
his chapter contains 175 questions that all fall under Microsoft’s third main exam objective for the 70-642 exam, “Configuring Network Access.” This main objective consists of the following five sub-objectives: ■ ■ ■ ■ ■
Configure Configure Configure Configure Configure
remote access Network Access Protection (NAP) network authentication wireless access firewall settings
Microsoft has given this main exam objective a weight of 22%, which is why I created 175 (out of a total of 800) test preparation questions for this chapter.
TEST PREPARATION QUESTIONS 1. Which of the following will provide remote network access to users? A. Dial-up B. Wireless C. VPN D. Both A and C 70-642 Objective 3.1: Configure remote access 2. Which type of remote access gives the user a high level of privacy but low performance? A. Dial-up B. Wireless C. VPN D. All of the above 70-642 Objective 3.1: Configure remote access 3. Which type of remote access gives the user high performance but opens the internal network up to possible attacks? A. Dial-up B. Wireless C. VPN D. None of the above 70-642 Objective 3.1: Configure remote access
103
5
104
MCTS: Windows Server 2008 70-642 Q&A
4. This remote access technique is often seen as outdated. A. VPN B. Dial-up C. Wireless D. WEP 70-642 Objective 3.1: Configure remote access 5. If you use a modem to connect to a remote access server over a phone line, you are using which remote access technique? A. VPN B. Wireless C. WEP D. Dial-up 70-642 Objective 3.1: Configure remote access 6. Which of the following is NOT an advantage for using dial-up over a VPN? A. Do not need an Internet connection B. Small privacy risks C. High bandwidth possibility D. Consistent performance 70-642 Objective 3.1: Configure remote access 7. Which of the following remote access techniques sends its traffic across the public switched telephone network (PSTN)? A. VPN B. Dial-up C. Wireless D. Broadband 70-642 Objective 3.1: Configure remote access 8. Which of the following is NOT a disadvantage of using the dial-up remote access technique? A. High cost B. Low bandwidth C. Requires Internet connection D. Slow web browsing 70-642 Objective 3.1: Configure remote access
Chapter 5
Configuring Network Access
105
9. Separate the items in the Attributes list into the advantages of dial-up and the advantages of VPNs. Attributes No Internet connection required High bandwidth potential Small privacy risks Consistent performance Low cost Dial-Up Advantages
VPN Advantages
5 70-642 Objective 3.1: Configure remote access 10. Separate the items in the Attributes list into the disadvantages of dial-up and the disadvantages of VPNs. VPN Attributes Internet connection required Low bandwidth High latency High cost Dial-Up Disadvantages
70-642 Objective 3.1: Configure remote access
VPN Disadvantages
106
MCTS: Windows Server 2008 70-642 Q&A
11. Match the items in the Attributes list with the correct column based on whether they are advantages or disadvantages when using dial-up. Dial-Up Attributes No Internet connection required Bandwidth potential Privacy risks Performance Cost of scalability Advantages
Disadvantages
70-642 Objective 3.1: Configure remote access 12. Match the following terms with the correct column based on whether they are advantages or disadvantages when using VPNs. Attributes Latency Bandwidth potential Internet required Cost VPN Advantages
VPN Disadvantages
70-642 Objective 3.1: Configure remote access 13. Which type of remote access technique uses the Internet to send its traffic to the remote access server? A. Dial-up B. VPN C. Wireless D. All of the above 70-642 Objective 3.1: Configure remote access
Chapter 5
Configuring Network Access
107
14. A VPN server requires how many connections to the Internet? A. 1 B. 2 C. 10 D. One for each user connected to the server 70-642 Objective 3.1: Configure remote access 15. Which of the following is NOT an advantage to using the VPN remote access technique? A. High bandwidth potential B. Low cost for the user C. Low cost for the server D. Low latency 70-642 Objective 3.1: Configure remote access 16. Which of the following is NOT a disadvantage to using the VPN remote access technique? A. Requires Internet connection B. High latency C. Poor efficiency with slower connections D. High cost 70-642 Objective 3.1: Configure remote access 17. When a company uses the dial-up remote access method and needs more than one dial-up connection, what specific piece of hardware would the company use? A. Modem B. Modem swarm C. Modem bank D. Modem block 70-642 Objective 3.1: Configure remote access 18. This device accepts dial-up connections and submits authentication requests to a RADIUS server. A. Modem B. Modem bank C. Modem server D. Switch 70-642 Objective 3.1: Configure remote access 19. Organizations often have an ISP manage the modem bank and accept dial-up connections. Using this system, the ISP configures the modem bank to send authentication requests to which server? A. DNS server B. Domain Controller C. RADIUS D. VPN server 70-642 Objective 3.1: Configure remote access
5
108
MCTS: Windows Server 2008 70-642 Q&A
20. Which of the following VPN technologies uses Point-to-Point Protocol (PPP) authentication for user-level authentication and Microsoft Point-to-Point Encryption (MPPE) for data encryption? A. Point-to-Point Tunneling Protocol (PPTP) B. Layer Two Tunneling Protocol (L2TP) C. Secure Socket Tunneling Protocol (SSTP) D. None of the above 70-642 Objective 3.1: Configure remote access 21. Which of the following VPN technologies uses Point-to-Point Protocol (PPP) authentication methods for user-level authentication and IPSec for encryption? A. Point-to-Point Tunneling Protocol (PPTP) B. Layer Two Tunneling Protocol (L2TP) C. Secure Socket Tunneling Protocol (SSTP) D. None of the above 70-642 Objective 3.1: Configure remote access 22. Which of the following VPN technologies uses Point-To-Point Protocol (PPP) authentication methods for user-level authentication and uses Hypertext Transfer Protocol (HTTP) encapsulation over a Secure Sockets Layer (SSL) channel for data encryption? A. Point-to-Point Tunneling Protocol (PPTP) B. Layer Two Tunneling Protocol (L2TP) C. Secure Socket Tunneling Protocol (SSTP) D. None of the above 70-642 Objective 3.1: Configure remote access 23. Match the following protocols with the VPN technology that uses them. Protocols Point-to-Point Protocol (PPP) Hypertext Transfer Protocol (HTTP) IPSec Microsoft Point-to-Point Encryption (MPPE) Point-to-Point Tunneling Protocol (PPTP)
Layer Two Tunneling Protocol (L2TP)
70-642 Objective 3.1: Configure remote access
Secure Socket Tunneling Protocol (SSTP)
Chapter 5
Configuring Network Access
109
24. Which type of VPN technology can travel through many firewalls, NATs, and proxy servers that would normally cause other VPN technologies to fail? A. Layer Two Tunneling Protocol (L2TP) B. Secure Socket Tunneling Protocol (SSTP) C. Point-to-Point Tunneling Protocol (PPTP) D. Travers Tunneling Protocol (TTP) 70-642 Objective 3.1: Configure remote access 25. Which type of VPN technology is supported only by Windows Server 2008 and Windows Vista with Service Pack 1? A. Secure Socket Tunneling Protocol (SSTP) B. Layer Two Tunneling Protocol (L2TP) C. Point-to-Point Tunneling Protocol (PPTP) D. None of the above 70-642 Objective 3.1: Configure remote access 26. By default, Windows Server 2008 VPN server can support how many VPN technologies at the same time? A. 1 B. 2 C. 3 D. 10 70-642 Objective 3.1: Configure remote access 27. When configuring a VPN server, you need to have two network cards. One should be connected to the public Internet. Where should the other one be connected? A. To a direct line to the VPN client B. To a modem bank C. To the intranet D. To a direct line to your Domain Controller 70-642 Objective 3.1: Configure remote access 28. With the default settings, how many ports does Windows Server 2008 create for each of the three VPN technologies? A. 1 B. 24 C. 64 D. 128 70-642 Objective 3.1: Configure remote access
5
110
MCTS: Windows Server 2008 70-642 Q&A
29. Each VPN connection requires how many ports? A. 1 B. 2 C. 24 D. 128 70-642 Objective 3.1: Configure remote access 30. You recently added a VPN server to an existing web server, but you can no longer connect to the web server. What is causing this problem? A. You cannot have anything else hosted on a VPN server B. The problem is unrelated to either the web server or the VPN server C. You need to add packet filters and exceptions for Windows Firewall to allow traffic for the web server D. None of the above 70-642 Objective 3.1: Configure remote access 31. Match the following connection restrictions with their uses. Connection Restrictions A. Controls access based on the IP address of the wireless access point. B. Restricts the connection for certain portions of the week or day. C. Controls access depending on the IP address of the client when the Windows Server 2008 computer is acting as a VPN server. D. Requires certain protocols and authentication methods. E. Allows connections from a specific phone number. F. Allows you to restrict access to modems, wireless access points, or VPN connections. G. Requires the user or computer to be in a certain group. H. Controls access depending on the IP address of the client when the Windows Server 2008 computer is acting as a RADIUS server. Connection Restriction
Use Windows Groups, Machine Groups, and User Groups Day and Time Restrictions Access Client IPv4 Address and Access Client IPv6 Address Client IPv4 Address and Client IPv6 Address NAS IPv4 Address and NAS IPv6 Address Authentication Type, Allowed EAP Types, Framed Protocol, Service Type, and Tunnel Type Calling Station ID NAS Port Type
70-642 Objective 3.1: Configure remote access
Chapter 5
Configuring Network Access
111
32. Which of the following connection restrictions force the computer or user to belong to a specific group? A. Windows Groups, Machine Groups, and User Groups B. Day and Time Restrictions C. Calling Station ID D. NAS Port Type 70-642 Objective 3.1: Configure remote access 33. Which of the following connection restrictions limit usage to specific days or times? A. Calling Station ID B. NAS Port Type C. Day and Time Restrictions D. NAS IPv4 Address and NAS IPv6 Address 70-642 Objective 3.1: Configure remote access 34. This connection restriction controls access based on the IP address of the client when the server is acting as a VPN server. A. Access Client IPv4 Address and Access Client IPv6 Address B. Client IPv4 Address and Client IPv6 Address C. NAS IPv4 Address and NAS IPv6 Address D. NAS Port Type 70-642 Objective 3.1: Configure remote access 35. Which connection restriction limits access based on the IP address of the client when the server is acting as a RADIUS server? A. Access Client IPv4 Address and Access Client IPv6 Address B. Client IPv4 Address and Client IPv6 Address C. NAS IPv4 Address and NAS IPv6 Address D. NAS Port Type 70-642 Objective 3.1: Configure remote access 36. Which connection restriction limits access based on the IP address of the wireless access point? A. NAS IPv4 Address and NAS IPv6 Address B. Access Client IPv4 Address and Access Client IPv6 Address C. NAS Port Type D. Client IPv4 Address and Client IPv6 Address 70-642 Objective 3.1: Configure remote access
5
112
MCTS: Windows Server 2008 70-642 Q&A
37. This connection restriction limits connections by requiring specific authentication methods or protocols. A. Authentication Type,Allowed EAP Types, Framed Protocol, Service Type, and Tunnel Type B. Calling Station ID C. NAS Port Type D. Client IPv4 Address and Client IPv6 Address 70-642 Objective 3.1: Configure remote access 38. Which connection restriction accepts connections from only specific phone numbers? A. NAS Port Type B. Client IPv4 Address and Client IPv6 Address C. NAS IPv4 Address and NAS IPv6 Address D. Calling Station ID 70-642 Objective 3.1: Configure remote access 39. This connection restriction is used to restrict access to modems, wireless access points, or VPN connections. A. Calling Station ID B. NAS IPv4 Address and NAS IPv6 Address C. Authentication Type,Allowed EAP Types, Framed Protocol, Service Type, and Tunnel Type D. NAS Port Type 70-642 Objective 3.1: Configure remote access 40. When you are using Network Access Protection (NAP) and a computer connects to your network, NAP will check for which of the following requirements? A. That the computer is virus-free B. That the computer has a key logger C. That the computer has the latest operating system updates D. None of the above 70-642 Objective 3.2: Configure Network Access Protection (NAP) 41. Which of the following is designed to connect hosts to separate resources when they have different health states? A. IPSec B. DHCP C. NAP D. TCP/IP 70-642 Objective 3.2: Configure Network Access Protection (NAP) 42. A network resource must ____________ network access to enforce NAP. A. Allow B. Deny C. Allow or Deny D. None of the above 70-642 Objective 3.2: Configure Network Access Protection (NAP)
Chapter 5
Configuring Network Access
113
43. Which of the following is NOT a NAP enforcement type? A. IPSec connection security B. 802.1X access points C. VPN servers D. Active Directory Domain Controllers 70-642 Objective 3.2: Configure Network Access Protection (NAP) 44. Which NAP enforcement type requires clients to perform a NAP health check before they are granted a health certificate? A. IPSec connection security B. 802.1X access points C. VPN servers D. DHCP servers 70-642 Objective 3.2: Configure Network Access Protection (NAP) 45. Which enforcement type allows you to require health checks on a per-IP address basis? A. 802.1X access points B. VPN servers C. IPSec connection security D. DHCP servers 70-642 Objective 3.2: Configure Network Access Protection (NAP) 46. This connection enforcement type can allow only healthy computers to communicate with healthy computers. A. DHCP servers B. VPN servers C. 802.1X access points D. IPSec connection security 70-642 Objective 3.2: Configure Network Access Protection (NAP) 47. Which enforcement type uses Ethernet switches or wireless access points that use a specific type of authentication? A. IPSec connection security B. VPN servers C. 802.1X access points D. DHCP servers 70-642 Objective 3.2: Configure Network Access Protection (NAP) 48. Which of the following NAP enforcement types would grant client computers full network access but connect noncompliant computers to a remediation network? A. 802.1X access points B. VPN servers C. DHCP servers D. IPSec connection security 70-642 Objective 3.2: Configure Network Access Protection (NAP)
5
114
MCTS: Windows Server 2008 70-642 Q&A
49. Which two of the following are the methods that 802.1X uses to control the level of access computers receive? A. ACL B. WAN C. IPSec D. VPN E. VLAN 70-642 Objective 3.2: Configure Network Access Protection (NAP) 50. Which of the following is a set of IPv4 or IPv6 packet filters configured on the 802.1X access point? A. VLAN B. ACL C. IP list D. Address list 70-642 Objective 3.2: Configure Network Access Protection (NAP) 51. Which of the following is a group of ports on a switch that are grouped together to create a separate network? A. ACL B. SLAN C. WLAN D. VLAN 70-642 Objective 3.2: Configure Network Access Protection (NAP) 52. Which NAP enforcement type enforces NAP for remote access connections that use a VPN server running Windows Server 2008 and Routing and Remote Access? A. IPSec connection security B. DHCP server C. Routing and Remote Access D. VPN server 70-642 Objective 3.2: Configure Network Access Protection (NAP) 53. Which NAP enforcement type requires a Windows 2008 server to also be running the DHCP service? A. IPSec connection security B. VPN server C. DHCP server D. DNS server 70-642 Objective 3.2: Configure Network Access Protection (NAP)
Chapter 5
Configuring Network Access
115
54. Using which enforcement type will give noncompliant computers an IP address with a subnet mask of 255.255.255.255 and no default gateway? A. VPN server B. 802.1X access points C. IPSec connection security D. DHCP server 70-642 Objective 3.2: Configure Network Access Protection (NAP) 55. Which of the following are the two main components of a NAP health validation? A. System Health Agent (SHAs) B. Statement of Health (SoH) C. System Health Validators (SHVs) D. SoH Response (SoHR) E. System Health Client (SHC) 70-642 Objective 3.2: Configure Network Access Protection (NAP) 56. What is the client component that creates a Statement of Health? A. SHA B. SHV C. SoHR D. SHC 70-642 Objective 3.2: Configure Network Access Protection (NAP) 57. What is the server component that analyzes the Statement of Health and creates a Statement of Health Response? A. System Health Agents (SHAs) B. System Health Clients (SHCs) C. System Health Servers (SHSs) D. System Health Validators (SHVs) 70-642 Objective 3.2: Configure Network Access Protection (NAP) 58. Match the phases of a NAP deployment (Limited Access,Testing, and Monitoring) with their correct explanations. Deployment Phase
Explanation Uses different examples of different OS, client configurations, and enforcement types. Launches NAP but does not limit connections yet. Launches NAP and enables NAP enforcement.
70-642 Objective 3.2: Configure Network Access Protection (NAP)
5
116
MCTS: Windows Server 2008 70-642 Q&A
59. During which phase of NAP deployment does the administrator try different operating systems, client configurations, and enforcement points? A. Testing B. Monitoring C. Limited Access D. Example 70-642 Objective 3.2: Configure Network Access Protection (NAP) 60. During which phase of NAP deployment is the NAP notified of failed health requirements but does not limit connections? A. Testing B. Monitoring C. Limited Access D. Notification 70-642 Objective 3.2: Configure Network Access Protection (NAP) 61. During which phase of NAP deployment will you begin to deny access to your network? A. Testing B. Limited Access C. Denial D. Monitoring 70-642 Objective 3.2: Configure Network Access Protection (NAP) 62. If you have a RADUIS server running Windows Server 2003 and Internet Authentication Service, which of the following will you need to do in order to make it into a Network Policy Server? A. Upgrade to Windows Server 2008 B. Configure it as a NAP health policy server C. Both A and B D. None of the above 70-642 Objective 3.2: Configure Network Access Protection (NAP) 63. If you are running a RADIUS server on a non-Windows operating system and you want to make it into a Network Policy Server, which of the following must you do? A. Upgrade it to Windows Server 2008 B. Configure it as a NAP health policy server C. Both A and B D. You can’t make it into a Network Policy Server 70-642 Objective 3.2: Configure Network Access Protection (NAP)
Chapter 5
Configuring Network Access
117
64. When you install the HRA role service, it configures which of the following in order to handle the certificates? A. Certification Authority B. Certification Service C. Certification Application D. Certification Server 70-642 Objective 3.2: Configure Network Access Protection (NAP) 65. When you install the HRA role service, which of the following is configured and named DomainHRA? A. A certification authority B. DHCP server C. Domain Controller D. A web application 70-642 Objective 3.2: Configure Network Access Protection (NAP) 66. Which of the following is NOT one of the sub-nodes used to configure the client NAP settings? A. Enforcement Clients B. User Interface Settings C. Enforcement Servers D. Health Registration Settings 70-642 Objective 3.2: Configure Network Access Protection (NAP) 67. Which of the following sub-nodes used to configure the client NAP settings requires you to configure one policy that forces clients to use that policy? A. Enforcement Clients B. User Interface Settings C. Health Registration Settings D. Client Settings 70-642 Objective 3.2: Configure Network Access Protection (NAP) 68. Which sub-node used to configure the client NAP settings is used to change the text portions of the NAP client interface? A. Enforcement Clients B. User Interface Settings C. NAP client Interface D. Health Registration Settings 70-642 Objective 3.2: Configure Network Access Protection (NAP)
5
118
MCTS: Windows Server 2008 70-642 Q&A
69. Which of the following sub-nodes must be configured in order to configure cryptographic settings for NAP clients? A. Request Policy B. Trusted Server Group C. NAP Client Configuration D. User Interface Settings 70-642 Objective 3.2: Configure Network Access Protection (NAP) 70. Which command is used to check a client’s NAP configuration? A. netsh nap client show B. netsh nap client show state C. netsh nap client show state /all D. netsh nap client 70-642 Objective 3.2: Configure Network Access Protection (NAP) 71. Which of the following commands will enable the DHCP Quarantine enforcement client? A. netsh nap client set enforcement enable B. netsh nap client set enforcement DHCP enable C. netsh nap client enforcement DHCP enable D. netsh nap client set enforcement 79617 enable 70-642 Objective 3.2: Configure Network Access Protection (NAP) 72. What one of the following is NOT part of a health requirement policy? A. Connection request policy B. System health validators C. Full access server group D. Network policy 70-642 Objective 3.2: Configure Network Access Protection (NAP) 73. What is the name of the policy that determines whether a request should be processed by the Name Policy Server? A. Connection request policy B. System health validators C. Remediation server group D. Network policy 70-642 Objective 3.2: Configure Network Access Protection (NAP) 74. This policy determines the health checks that a client must pass in order to be considered compliant. A. Connection request policy B. System health validators C. Remediation server group D. Network policy 70-642 Objective 3.2: Configure Network Access Protection (NAP)
Chapter 5
Configuring Network Access
119
75. Match the items in the Attributes list with the correct column based on whether they are advantages or disadvantages when using wireless networks. Wireless Network Attributes Impact on place of deployment Mobility Security of WEP and WPA Non-physical connection Default security settings Speed of deployment Wireless Network Benefits
Wireless Network Problems
70-642 Objective 3.4: Configure wireless access 76. You are asked to set up a network at a historical landmark, but because of local building laws you are not allowed to physically modify any part of the building. What should you do? A. Set up a network, but run wires along the ground B. Set up a network and run the wires like normal, thus ignoring the law C. Set up a wireless network D. Tell the company it’s not possible to have a network 70-642 Objective 3.4: Configure wireless access 77. Hotels, airports, and coffee shops often have a ____________ network for customers to use. A. Wired B. Bluetooth C. WAN D. Wireless 70-642 Objective 3.4: Configure wireless access 78. If you want to deploy a network in your home but have only a limited amount of time, which type of network should you set up? A. Wired B. Wireless C. Bluetooth D. Same amount of time for all types of networks 70-642 Objective 3.4: Configure wireless access
5
120
MCTS: Windows Server 2008 70-642 Q&A
79. Using a ____________ network will allow you to connect to other users without a network infrastructure. A. Wired B. WAN C. Wireless D. None of the above 70-642 Objective 3.4: Configure wireless access 80. Which of the following statements is true? 1. Physical connections are more secure. 2. Non-physical connections are more secure. A. The first B. The second C. They are both true D. Neither is true 70-642 Objective 3.4: Configure wireless access 81. By default, the majority of wireless access points have which of the following enabled? A. Authentication B. Encryption C. Both authentication and encryption D. Neither authentication nor encryption 70-642 Objective 3.4: Configure wireless access 82. Are Wired Equivalent Protection (WEP) and Wi-Fi Protected Access (WPA) vulnerable to cracking attacks? A. Yes B. Only WEP is C. Only WPA is D. Neither is vulnerable 70-642 Objective 3.4: Configure wireless access 83. Which of the following is the original wireless network type, with a theoretical network throughput of 11 Mbps? A. 802.11a B. 802.11b C. 802.11g D. 802.11n 70-642 Objective 3.4: Configure wireless access
Chapter 5
Configuring Network Access
121
84. Which of the wireless network types has a theoretical network throughput of 54 Mbps? A. 802.11d B. 802.11b C. 802.11g D. 802.11n 70-642 Objective 3.4: Configure wireless access 85. This wireless network type has a theoretical network throughput of 250 Mbps. A. 802.11a B. 802.11b C. 802.11g D. 802.11n 70-642 Objective 3.4: Configure wireless access 86. Match the following wireless network types with their definitions. Network Type 802.11a 802.11b 802.11g 802.11n Network Type
Definition Uses the 5.4 GHz range. Has a theoretical network throughput of 11 Mbps. Has a theoretical network throughput of 54 Mbps. Has a theoretical network throughput of 250 Mbps.
70-642 Objective 3.4: Configure wireless access 87. Which wireless network type uses the range 5.4 GHz instead of 2.4 GHz? A. 802.11a B. 802.11b C. 802.11g D. 802.11n 70-642 Objective 3.4: Configure wireless access
5
122
MCTS: Windows Server 2008 70-642 Q&A
88. Match the following wireless security standards with their use. Wireless Security Standard Wi-Fi Protected Access (WPA) WPA2 Wired Equivalent Protection (WEP) Standard
Use Original wireless security standard requires you to enter a key or passphrase. Has stronger cryptography than WEP but still has vulnerabilities. Most advanced wireless security standard and most secure.
70-642 Objective 3.4: Configure wireless access 89. Which wireless network security standard lets the user connect without any authentication or encryption? A. Wi-Fi Protected Access (WPA) B. No security C. Wired Equivalent Protection (WEP) D. WPA2 70-642 Objective 3.4: Configure wireless access 90. Which wireless network security standard gives the user a universally supported method of authentication and encryption? A. No security B. Wi-Fi Protected Access (WPA) C. Wired Equivalent Protection (WEP) D. WPA2 70-642 Objective 3.4: Configure wireless access 91. WEP is able to use ____________ encryption. A. 64-bit B. 128-bit C. Both 64-bit and 128-bit D. 256-bit 70-642 Objective 3.4: Configure wireless access 92. Which wireless network security standard offers the second highest level of cryptography? A. No security B. WPA C. WEP D. WPA2 70-642 Objective 3.4: Configure wireless access
Chapter 5
Configuring Network Access
123
93. Match these two types of WPAs (WPA-PSK and WPA-EAP) with their methods. Uses a pre-shared key. Gives authentication requests to a RADIUS server. 70-642 Objective 3.4: Configure wireless access 94. Which type of WPA uses a static key and is vulnerable to brute force attacks? A. WPA-PSK B. WPA-KEY C. WPA-EAP D. WPA-RAD 70-642 Objective 3.4: Configure wireless access 95. Which type of WPA uses a RADIUS server to authenticate requests, making it the more secure type? A. WPA-KEY B. WPA-PSK C. WPA-EAP D. WPA-RAD 70-642 Objective 3.4: Configure wireless access 96. Which wireless network security standard is also called IEEE 802.11i? A. No security B. WEP C. WPA D. WPA2 70-642 Objective 3.4: Configure wireless access 97. Which wireless network security standard provides the best security and protection from attacks? A. No security B. WPA2 C. WEP D. WPA 70-642 Objective 3.4: Configure wireless access 98. Order the following from the most secure to the least. A. 64-bit WEP B. WPA-EAP C. 128-bit WEP D. WPA2-EAP E. WPA-PSK F. WPA2-PSK 70-642 Objective 3.4: Configure wireless access
5
124
MCTS: Windows Server 2008 70-642 Q&A
99. Match the two wireless network modes (infrastructure mode and ad hoc mode) with their uses. Mode
Use Wireless access points act as central hubs. Wireless communications occur directly between wireless clients.
70-642 Objective 3.4: Configure wireless access 100. Which of the following is the correct wireless network mode that allows a user to connect to an access point that acts as a central hub for wireless clients? A. Infrastructure mode B. Hub mode C. Ad hoc mode D. P2P mode 70-642 Objective 3.4: Configure wireless access 101. What type of wireless network mode should be used if you are out of range of an access point but want to share a video with other wireless clients? A. Infrastructure mode B. Hub mode C. Ad hoc mode D. P2P mode 70-642 Objective 3.4: Configure wireless access 102. Match the following authentication modes for windows wireless clients. User Only Computer and User Computer Only Windows authenticates to the wireless network before showing the Windows logon screen. Windows authenticates after the user logs on. Windows authenticates before the user logs on. And after going through the Windows logon it will authenticate using the user attributes. 70-642 Objective 3.4: Configure wireless access
Chapter 5
Configuring Network Access
125
103. You are in charge of setting up the authentication mode for wireless Windows clients. If you want them to be authenticated before showing the Windows logon screen which mode should you use? A. User Only B. Computer and User C. None of the above D. Computer Only 70-642 Objective 3.3: Configure network authentication 104. You are in charge of setting up the authentication mode for wireless Windows clients.Which authentication mode should you use if you want the users to be authenticated after they supply their Windows logon credentials? A. Computer Only B. User Only C. Computer and User D. None of the above 70-642 Objective 3.3: Configure network authentication 105. You are in charge of setting up the authentication mode for wireless Windows clients.Which authentication mode should you use if you want the clients to be authenticated before and after a Windows logon? A. Computer Only B. User Only C. Computer and User D. None of the above 70-642 Objective 3.3: Configure network authentication 106. What feature do both Windows Vista and Windows Server 2008 have that allows administrators to set up user authentication to the wireless network to happen before the user logs on to the network? A. Pre logon B. Single Sign On C. Multiple Sign On D. Single Logon 70-642 Objective 3.3: Configure network authentication
5
126
MCTS: Windows Server 2008 70-642 Q&A
107. Match the following authentication methods with their requirements. Authentication Method Smart Card or Other Certificate Secured Password (EAP-MSCHAP v2) Protected EAP (PEAP) Authentication Method
Requirements Requires you to set up a computer certificate on a RADIUS server and a computer certificate or user certificate on all wireless client computers. Requires you to set up a computer certificate on a RADIUS server and a computer certificate or user certificate on all wireless client computers. Also requires that the user provide a certificate or a Smart Card. Requires computer certificates to be installed on all RADIUS servers and requires all client computers to trust the CA that gave them the computer certificate.
70-642 Objective 3.3: Configure network authentication 108. Which authentication method requires a computer certificate on a RADIUS server and a computer certificate or user certificate on all wireless client computers? A. PEAP B. Smart Card C. EAP-MSCHAP v2 D. None of the above 70-642 Objective 3.3: Configure network authentication 109. Which authentication method requires that the user insert a device to provide a certificate? A. PEAP B. Smart Card C. EAP-MSCHAP v2 D. None of the above 70-642 Objective 3.3: Configure network authentication 110. Which authentication method requires computer certificates to be installed on all RADIUS servers and requires all client computers to trust the CA? A. PEAP B. Smart Card C. EAP-MSCHAP v2 D. None of the above 70-642 Objective 3.3: Configure network authentication
Chapter 5
Configuring Network Access
127
111. If you want to add a layer of abstraction between your access points and your RADIUS servers, you would add which of the following? A. DNS server B. DHCP server C. WINS server D. RADIUS proxy 70-642 Objective 3.3: Configure network authentication 112. You are the administrator of a network with two different domains that do not trust each other.You want to allow the different domains to manage their own RADIUS servers.Which of the following should you use to allow this? A. VPN server B. Dial-in server C. Domain Controller D. RADIUS proxy 70-642 Objective 3.3: Configure network authentication 113. The protected EAP authentication method is compatible with which enforcement method? A. IPSec B. 802.1x C. VPN server D. DHCP server 70-642 Objective 3.3: Configure network authentication 114. You are the administrator of a network.You are charged with configuring the firewall for the web server, but you also want only internal users to be able to use remote desktop on the servers. Which of the following should you do? A. Configure an authorized connection for each private connection B. Configure the firewall scope C. Configure the firewall settings with Group Policy D. None of the above 70-642 Objective 3.5: Configure firewall settings 115. Which of the following firewall functions should you use to block connections from external sources, but allow connections from the internal network? A. Authorization B. Filter C. Scope D. Rule 70-642 Objective 3.5: Configure firewall settings
5
128
MCTS: Windows Server 2008 70-642 Q&A
116. Which of the following can be used to examine the packets that are sent to and from your computer? A. Firewall B. Filter C. Wireless access point D. NAP 70-642 Objective 3.5: Configure firewall settings 117. Match these three firewall profiles to their security settings—Private, Public, and Domain. Profile
Security Settings Allows some incoming connections. Applied whenever a member computer’s Domain Controller is accessible. Allows some incoming connections. No networks are considered this by default. The default profile type; blocks all incoming traffic.
70-642 Objective 3.5: Configure firewall settings 118. The ____________ profile is used on computers connected to its Active Directory domain. A. Directory profile B. Domain profile C. Private profile D. Public profile 70-642 Objective 3.5: Configure firewall settings 119. A user’s home office network would most likely be under which of the following profiles? A. Domain B. Private C. Home D. Public 70-642 Objective 3.5: Configure firewall settings 120. By default, which type of firewall profile is never assigned automatically? A. Domain B. Private C. Public D. Local 70-642 Objective 3.5: Configure firewall settings
Chapter 5
Configuring Network Access
129
121. By default, this firewall profile is assigned to all new network connections. A. Domain B. Private C. Public D. Home 70-642 Objective 3.5: Configure firewall settings 122. Which of the following is the firewall profile that blocks all incoming traffic? A. Private B. Domain C. Office D. Public 70-642 Objective 3.5: Configure firewall settings 123. Unless changed manually, the settings on which firewall profile will not allow any kind of incoming connections? A. Public B. Private C. Domain D. Home 70-642 Objective 3.5: Configure firewall settings 124. Which two firewall profile types will allow some incoming connections by default? A. Private B. Home C. Domain D. Public E. Office 70-642 Objective 3.5: Configure firewall settings 125. Which one of the following statements regarding firewalls is true? 1. If you add a Windows feature it will automatically enable the correct rules for that feature. 2. If you add a third-party program, Windows will automatically enable the correct rules for the program. A. The first statement is true B. The second statement is true C. Both statements are true D. Neither is true 70-642 Objective 3.5: Configure firewall settings
5
130
MCTS: Windows Server 2008 70-642 Q&A
126. You are in charge of an internal server.You want to allow only certain subnets that contain possible users to be able to connect to the server. Which of the following should you use to do this? A. Firewall profile B. Firewall scope C. Port filtering D. None of the above 70-642 Objective 3.5: Configure firewall settings 127. Match the following options of the Rule Type page with their uses. Option Program Predefined Custom Port Option
Rule Type Blocks connections for a specific executable file. Blocks connections for a specific TCP or UDP port number. Controls connections for Windows components. Can combine program and port information.
70-642 Objective 3.5: Configure firewall settings 128. Which option of the Rule Type page will allow you to block connections for a specific executable file? A. Program B. Port C. Predefined D. Custom 70-642 Objective 3.5: Configure firewall settings 129. You are asked to block connections for a specific port.You are on the Rule Type page.Which of the following options need to be modified to do this? A. Program B. Port C. Predefined D. Custom 70-642 Objective 3.5: Configure firewall settings
Chapter 5
Configuring Network Access
131
130. If you want to allow a specific application to connect only on specific internal subnets, which of the following should you use? A. Firewall profiles B. Firewall scope C. Filtering D. None of the above 70-642 Objective 3.5: Configure firewall settings 131. Which of the following firewall options on the Rule Type page will allow you to control connections for a Windows component? A. Program B. Port C. Predefined D. Custom 70-642 Objective 3.5: Configure firewall settings 132. Select the correct firewall option from the Rule Type page that will allow you to combine program and port information. A. Program B. Port C. Predefined D. Custom 70-642 Objective 3.5: Configure firewall settings 133. Which of the following is NOT one of the options from the Action page in the New Inbound Rule wizard? A. Allow the connection B. Allow the connection if it is secure C. Allow the connection from a specified source D. Block the connection 70-642 Objective 3.5: Configure firewall settings 134. The Windows Firewall option to “Allow the Connection If It Is Secure” on the Action page of the New Inbound Rule wizard requires which type of protection? A. EAP B. WAP C. LDAP D. IPSec 70-642 Objective 3.5: Configure firewall settings
5
132
MCTS: Windows Server 2008 70-642 Q&A
135. Which of the following statements about the Action page of the New Inbound Rule wizard of Windows Firewall is true? 1. The Allow Connection option will allow all connections to connect. 2. The Block the Connection option will block only those specified in the previous pages of the wizard. A. The first statement is true B. The second statement is true C. Both statements are true D. Both statements are false 70-642 Objective 3.5: Configure firewall settings 136. What does the Allow Connection option do on the Action page of the New Inbound Rule wizard of Windows Firewall? A. Allows all connections from any source B. Allows connections only from the sources specified in the previous pages C. Allows any connection from a source that does not match the criteria specified in the previous pages. D. None of the above 70-642 Objective 3.5: Configure firewall settings 137. From a security standpoint, which of the following is more risky to a computer network? A. Allowing outbound connections B. Allowing inbound connections C. Both are high risk D. Neither has any risk 70-642 Objective 3.5: Configure firewall settings 138. From of the following issues, select the one that CANNOT be solved by blocking outbound connections. A. Malware sending confidential information to an outside source. B. Worms or viruses trying to replicate other computers. C. Worms or viruses trying to infect a computer from a local source. D. Users accessing unapproved applications to send information to the Internet. 70-642 Objective 3.5: Configure firewall settings 139. By default, which of the following does not have outbound rules enabled? A. DHCP requests B. DNS requests C. IPv4 and related protocols D. IPv6 and related protocols 70-642 Objective 3.5: Configure firewall settings
Chapter 5
Configuring Network Access
133
140. You are the administrator of a network and you want to allow a mobile computer to Remote Desktop into your network. Which of the following precautions would you take to prevent issues with your firewall? A. Add exceptions for each mobile computer B. Add a firewall scope for the subnet that the mobile computer will use C. Disable the firewall D. None of the above 70-642 Objective 3.5: Configure firewall settings 141. You are the administrator of a network where the accounting users run a program that sends confidential accounting data to a central server.You have a firewall, but the program has no built-in authorization methods to prevent unauthorized users from accessing this data.Which of the following should you do to fix this problem? A. Add a firewall scope for the accounting subnet B. Add a firewall connection authorization for the accounting group C. Make the firewall block all connections to the data D. Find a new program 70-642 Objective 3.5: Configure firewall settings 142. Which of the following GPO nodes can only be used on Windows Vista and Windows Server 2008 computers? A. Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall With Advanced Security\Windows Vista and Windows Server 2008 B. Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall With Advanced Security\Windows Firewall with Advanced Security C. Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall D. Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Windows Vista and Windows Server 2008 70-642 Objective 3.5: Configure firewall settings 143. Which of the following nodes can be used on Windows XP,Windows Server 2003,Windows Vista, and Windows Server 2008? A. Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall With Advanced Security\Windows Vista and Windows Server 2008 B. Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall With Advanced Security\Windows Firewall with Advanced Security C. Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall D. Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Windows Vista and Windows Server 2008 70-642 Objective 3.5: Configure firewall settings
5
134
MCTS: Windows Server 2008 70-642 Q&A
144. When managing Windows Firewall settings by using Group Policy, which of the following is true about using the GPOs? A. You should create only one GPO that covers all versions of Windows B. You should create separate GPOs for each Windows Vista/Windows Server 2008 and Windows XP/Windows Server 2003 C. You should only create a GPO for Windows Vista/Windows Server 2008 computers D. None of the above is true 70-642 Objective 3.5: Configure firewall settings 145. If you want to monitor the traffic that the firewall is blocking, what should you enable? A. Filtering B. Scope C. Authorization D. Logging 70-642 Objective 3.5: Configure firewall settings 146. By default, where does Windows store log entries? A. %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log B. %SystemRoot%\Windows\Windows Firewall\Pfirewall.log C. %SystemRoot%\Windows\LogFiles\Windows Firewall\Pfirewall.log D. %SystemRoot%\LogFiles\Firewall\Pfirewall.log 70-642 Objective 3.5: Configure firewall settings 147. By default, Windows Firewall stores how much of the log data? A. Last 5MB B. Last 5GB C. Last 4KB D. Last 128KB 70-642 Objective 3.5: Configure firewall settings 148. Which of the following is a simple tool that can be used to find port numbers for outgoing communication from programs running on that computer? A. Ping B. TraceRT C. PathPing D. Netstat 70-642 Objective 3.5: Configure firewall settings
Chapter 5
Configuring Network Access
135
149. After you run a netstat –a –b command on a computer running the dtilearning.exe program, you get the following results: Proto Local Address TCP 0.0.0.0:135 [dtilearning.exe]
Foreign Address DCserver1:0
State Listening
What is the port number that the program is listening on? A. 0 B. 0.0.0.0 C. 135 D. Cannot determine from the information given 70-642 Objective 3.5: Configure firewall settings 150. Which of the following is NOT a default mobile firewall profile? A. Domain B. Home C. Private D. Public 70-642 Objective 3.5: Configure firewall settings 151. When you connect to a free hotspot such as a coffee shop or airport, you should use which firewall profile? A. Domain B. Private C. Secure D. Public 70-642 Objective 3.5: Configure firewall settings 152. By default, which firewall profile will block all incoming traffic but will allow outgoing traffic? A. Public B. Private C. Domain D. None of the above 70-642 Objective 3.5: Configure firewall settings 153. You are put in charge of configuring the firewall rules for the servers in your network.Which of the following should you do to ensure that the servers will still operate without a Domain Controller if they fail? A. You should only configure the Domain profile B. You should only modify the Domain and Public profiles C. You should configure all of the profile types D. You should configure the Public and Private profile types 70-642 Objective 3.5: Configure firewall settings
5
136
MCTS: Windows Server 2008 70-642 Q&A
154. What is the purpose of a firewall? A. To remove viruses and worms B. To block all traffic C. To drop unwanted traffic but allow wanted traffic D. To stop hackers 70-642 Objective 3.5: Configure firewall settings 155. Which of the following is NOT a valid wireless authentication method? A. Computer Only B. User Only C. Domain Only D. Computer and User 70-642 Objective 3.3: Configure network authentication 156. What is the best way to issue trusted certificates to clients? A. Use a RADIUS server B. Use a DHCP server C. Use an enterprise PKI D. Use PEAP 70-642 Objective 3.3: Configure network authentication 157. If you want to send requests to different RADIUS servers that are based on different criteria, what should you use? A. A DNS server B. A firewall C. A RADIUS proxy D. None of the above 70-642 Objective 3.3: Configure network authentication 158. You are in charge of a network that has multiple RADIUS servers. One of the servers is having issues with the amount of traffic it is receiving.Which of the following should you do to solve this? A. Use a RADIUS proxy B. Add another RADIUS server C. Add more network infrastructure D. None of the above 70-642 Objective 3.3: Configure network authentication
Chapter 5
Configuring Network Access
137
159. Which of the following could be seen as a standards-based authentication mechanism? A. DNS B. DHCP C. RADIUS D. None of the above 70-642 Objective 3.3: Configure network authentication 160. Another name for a RADIUS log file is? A. IAS log B. RAD log C. RS log D. WPA log 70-642 Objective 3.3: Configure network authentication 161. Where is the RADIUS log file stored by default? A. %SystemRoot%\system32 B. %SystemRoot%\Windows C. %SystemRoot%\Windows\LogFiles D. %SystemRoot%\system32\LogFiles 70-642 Objective 3.3: Configure network authentication 162. If a wireless user attempts to connect to an access point that is configured to use a Windows Server 2008 computer as a RADIUS server, which of the following will happen? A. The system will block the user from logging on B. The system will monitor all activity of the user C. The system will add an event to the Security event log D. None of the above 70-642 Objective 3.3: Configure network authentication 163. Failed attempts to access an access point will show up as what in the Security event log? A. Failed B. Denied C. Audit denied D. Audit failure 70-642 Objective 3.3: Configure network authentication 164. Attempts to connect to an access point that are accepted by the RADIUS authentication are shown as which in the event log? A. Success B. Pass C. Audit success D. Audit pass 70-642 Objective 3.3 Configure network authentication
5
138
MCTS: Windows Server 2008 70-642 Q&A
165. Which of the following is the correct command to enable trace logging? A. netsh ras set tr * en B. netsh tr log C. netsh trace D. netsh logging 70-642 Objective 3.3: Configure network authentication 166. Where is the default location for the trace log? A. %SystemRoot%\IASNAP.log B. %SystemRoot%\system32\tracing\IASNAP.log C. %SystemRoot%\tracing\IASNAP.log D. %SystemRoot%\Windows\IASNAP.log 70-642 Objective 3.3: Configure network authentication 167. What type of log will provide you with the most detailed information that can be used for troubleshooting? A. RADIUS log B. IAS log C. Trace log D. They all give the same amount of information 70-642 Objective 3.3: Configure network authentication 168. Which of the following is the most common form of wireless network? A. 802.11a B. 802.11b C. 802.11g D. 802.11n 70-642 Objective 3.4: Configure wireless access 169. Which of the following network types has a theoretical network throughput of 54 Mbps? A. 802.11a B. 802.11b C. 802.11g D. 802.11n 70-642 Objective 3.4: Configure wireless access 170. What is the benefit of using 802.11g in 802.11g-only mode? A. Better security B. Improved reliability C. Improved speed D. None of the above 70-642 Objective 3.4: Configure wireless access
Chapter 5
Configuring Network Access
139
171. Which mode of 802.11g will allow 802.11g to connect to 802.11b networks? A. Multiple mode B. Mixed mode C. 802.11g-only D. 802.11g-b mode 70-642 Objective 3.4: Configure wireless access 172. Which type of 802.11 wireless networks uses a different frequency range? A. 802.11a B. 802.11b C. 802.11g D. 802.11n 70-642 Objective 3.4: Configure wireless access 173. Which of the following is the weakest form of wireless network security? A. WEP 64-bit B. WEP 128-bit C. WPA-PSK D. WPA-EAP 70-642 Objective 3.4: Configure wireless access 174. Which of the following types of remote access allows a user to connect to a target network without needing a connection to the Internet? A. Dial-up B. VPN C. Both A and B D. None of the above 70-642 Objective 3.1: Configure remote access 175. Which of the following is a major drawback of using VPN as your remote access choice? A. Poor latency B. High cost C. Poor bandwidth D. None of the above 70-642 Objective 3.1: Configure remote access
5
This page intentionally left blank
CHAPTER
6
CONFIGURING FILE AND PRINT SERVICES T
his chapter contains 104 questions that all fall under Microsoft’s fourth main exam objective for the 70-642 exam, “Configuring File and Print Services.” This main objective consists of the following six sub-objectives: ■ ■ ■ ■ ■ ■
Configure a file server Configure Distributed File System (DFS) Configure shadow copy services Configure backup and restore Manage disk quotas Configure and monitor print services
TEST PREPARATION QUESTIONS 1. Which of the following commands will give you information on how to configure NTFS permissions from a script or command prompt? A. ntfs/? B. icacl/help C. icacls/? D. icancals/permissions 70-642 Objective 4.1: Configure a file server 2. Which of the following NTFS file permissions gives full access to a specific user and administrator but denies all access to other users? A. System files B. Program files C. User files D. None of the above 70-642 Objective 4.1: Configure a file server
141
6
142
MCTS: Windows Server 2008 70-642 Q&A
3. The default NTFS permission that does not allow users to write to the %SystemRoot% folder is which of the following? A. User files B. System files C. Root files D. Program files 70-642 Objective 4.1: Configure a file server 4. What are the default NTFS permissions for the %ProgramFiles% folder? A. Give administrators full control but users read-only access B. Allow users and administrators to read and write C. Allow users to read and write but allow administrators to read-only D. None of the above 70-642 Objective 4.1: Configure a file server 5. You are the administrator of a network and want to allow a specific user to view the files in a folder, but not to open them. Which permission should you assign to this user? A. List Folder Contents B. Read C. Write D. Modify 70-642 Objective 4.1: Configure a file server 6. You are in charge of applying permissions to users in a network.You want to allow a specific user only the ability to view a file. Which of the following permissions should you give the user? A. List Folder Contents B. Read and Execute C. Read D. Write 70-642 Objective 4.1: Configure a file server 7. You are the administrator of a network.You want to allow a specific group of users the ability to run applications but not to modify the files in any way. Which permission should you apply to this group? A. Read and Execute B. Read C. Write D. Modify 70-642 Objective 4.1: Configure a file server
Chapter 6
Configuring File and Print Services
143
8. You are in charge of setting file permissions for a network.You want to allow users to add files to a folder, but not be allowed to view the other files or modify them.Which of the following permissions should you apply? A. Read and Execute B. Write C. Modify D. Full control 70-642 Objective 4.1: Configure a file server 9. You are in charge of setting up file permissions for a network.You want to allow a group of users to read, edit, and delete files and folders. Which permissions should you apply? A. Modify B. Read and execute C. Write D. Full control 70-642 Objective 4.1: Configure a file server 10. You are the administrator of a network.You want to give yourself the ability to modify the permissions of a file or folder. Which permission should you assign yourself for this file or folder? A. Read and execute B. Write C. Modify D. Full control 70-642 Objective 4.1: Configure a file server 11. Which of the following is the correct command to grant a user administrator write and delete permissions to a file? A. icacls c:\windows\* /save AclFile /T B. icacls file /grant write :(D, WDAC) C. icacls file /grant delete :(D, WDAC) D. icacls file /grant administrator:(D, WDAC) 70-642 Objective 4.1: Configure a file server 12. Which of the following will protect files and folders if an attacker removes the hard disk and places it in another computer? A. NTFS B. IPSec C. EFS D. None of the above 70-642 Objective 4.1: Configure a file server
6
144
MCTS: Windows Server 2008 70-642 Q&A
13. Which of the following options from the EFS Properties dialog box will prevent the use of software certificates for EFS if it is checked? A. File Encryption Using Encrypting File System (EFS) B. Encrypt the Contents of the User’s Documents Folder C. Require a Smart Card for EFS D. Create Caching-Capable User Key From Smart Card 70-642 Objective 4.1: Configure a file server 14. Which of the following Group Policy settings will encrypt offline files? A. Computer Configuration\Policies\Administrative Templates\Network\Offline B. Computer Configuration\Policies\Administrative Templates\Network\Offline Encrypt the Offline Files Cache C. Computer Configuration\Policies\Administrative Templates\Network\Offline Allow Indexing of Encrypted Files D. Computer Configuration\Policies\Administrative Templates\Network\Offline for Offline Files 70-642 Objective 4.1: Configure a file server
Files\EFS Files\ Files\ Files\EFS
15. If you want to disable the ability to index encrypted files, which Group Policy setting would you use? A. Computer Configuration\Policies\Administrative Templates\Network\Offline Files\ Encrypt the Offline Files Cache B. Computer Configuration\Policies\Administrative Templates\Windows Components\ Search\Allow Indexing of Encrypted Files C. Computer Configuration\Policies\Administrative Templates\Network\Offline Files\EFS for Offline Files D. Computer Configuration\Policies\Administrative Templates\Windows Components\Search\Allow Indexing with EFS 70-642 Objective 4.1: Configure a file server
Chapter 6
Configuring File and Print Services
145
16. Match the following roles from the Select Role Services page with their uses. Role File Server Resources Manager Services for Network File System File Server Windows Search Service Windows Server 2003 File Services Distributed File System Role
Use Allows the use of the Share and Storage Management snap-in. Enables the sharing of files using the DFS namespace. Will install tools for creating storage reports and configuring quotas. Allows you to connect to the UNIX client computers that use FS for file sharing. Allows for faster searching. Gives compatibility for computers running Windows Server 2003.
70-642 Objective 4.1: Configure a file server 17. You want to make it so a server can use the Share and Storage Management snap-in.Which role should you add? A. File Server B. File Server Resources Manager C. Services for Network File System D. Windows Search service 70-642 Objective 4.1: Configure a file server 18. You want to install tools to your server that will allow you create storage reports, configure quotas, and define file-screening policies. Which role should you assign to get these results? A. File Server B. Services for Network File System C. File Server Resources Manager D. Windows Search Service 70-642 Objective 4.1: Configure a file server
6
146
MCTS: Windows Server 2008 70-642 Q&A
19. Which of the following Windows Server 2008 technologies would you utilize to control file access on a file server while Windows is running? Select the best answer. A. DFS B. EFS C. NTFS D. All of the above 70-642 TS Objective 4.1: Configure a file server 20. Which of the following Windows Server 2008 technologies would you utilize to control file privacy on a file server? A. DFS B. EFS C. NTFS D. All of the above 70-642 TS Objective 4.1: Configure a file server 21. Which of the following Windows Server 2008 technologies would you utilize to provide redundancy on a file server? A. DFS B. EFS C. NTFS D. Quotas 70-642 TS Objective 4.1: Configure a file server 22. Which of the following Windows Server 2008 technologies would you utilize to provide replication between file servers? A. DFS B. EFS C. NTFS D. None of the above 70-642 TS Objective 4.1: Configure a file server 23. Which of the following Windows Server 2008 technologies would you utilize to control file space utilization on a file server? A. DFS B. EFS C. NTFS D. Quotas 70-642 TS Objective 4.1: Configure a file server
Chapter 6
Configuring File and Print Services
147
24. Which of the following Windows Server 2008 technologies would you utilize to recover from file corruption on a file server? A. DFS B. Shadow copies C. EFS D. NTFS 70-642 TS Objective 4.1: Configure a file server 25. The NTFS file system provides default permissions for three different file types.Which of the following is NOT one of the three file types? A. User files B. System files C. Windows files D. Program files 70-642 TS Objective 4.1: Configure a file server 26. Which of the following NTFS basic file types gives users full control of their own files? A. User files B. System files C. Program files D. All of the above 70-642 TS Objective 4.1: Configure a file server 27. Which of the following NTFS basic file types gives users read permission but not write permissions to files of this type? A. User files B. System files C. Program files D. All of the above 70-642 TS Objective 4.1: Configure a file server 28. Which of the following NTFS basic file types gives users read and run access? A. User files B. System files C. Program files D. Windows files 70-642 TS Objective 4.1: Configure a file server 29. Which of the following NTFS basic file types gives administrators full control of files? A. User files B. System files C. Program files D. All of the above 70-642 TS Objective 4.1: Configure a file server
6
148
MCTS: Windows Server 2008 70-642 Q&A
30. What are the default user access permissions to any new folder created in the root of a disk? A. Full control B. Run C. Read D. No access 70-642 TS Objective 4.1: Configure a file server 31. What are the default administrator access permissions to any new folder created in the root of a disk? A. Full control B. Run C. Read D. No access 70-642 TS Objective 4.1: Configure a file server 32. Which of the following is a valid permission that an administrator may need to assign to users or groups to control file or folder permissions on a file server? A. List Folder Contents B. Read and Execute C. Write D. Modify E. Full control F. All of the above 70-642 TS Objective 4.1: Configure a file server 33. Which of the following permissions is designed to give a user the rights to view and open the contents of a folder and run an application? Select the best answer. A. List folder contents B. Read C. Write D. Read and Execute E. Modify 70-642 TS Objective 4.1: Configure a file server 34. Where is the Security tab located that allows you to edit Permissions? A. Advanced tab B. Control Panel C. File or Folder Properties dialog box D. All of above 70-642 TS Objective 4.1: Configure a file server
Chapter 6
Configuring File and Print Services
149
35. Marsha is a member of the marketing group.The marketing group has full control of the marketing shared folder on the FILE01 file server. Which of the following will remove the full control permission from Marsha? A. Marsha becomes a member of the sales group, which has Read permission to the marketing share B. Marsha is assigned Read and Execute permission on her user account C. Marsha becomes a member of the Public Group, which has Deny permission to the Marketing share D. Any of the above will remove Marsha’s full control permission 70-642 TS Objective 4.1: Configure a file server 36. There are six file and seven standard folder permissions that can be applied to both users and groups. If the standard permissions do not meet your needs, there are a dozen or so more permissions available. How do you assign special permissions? A. From the Special tab of the File or Folder Properties dialog box B. From the Security tab C. From the Advanced tab D. From the Advanced button on the Security tab 70-642 TS Objective 4.1: Configure a file server 37. NTFS file permissions can be assigned from a command prompt or can be scripted. Which of the following commands would you use? A. incan B. ical C. icals D. Permissions cannot be assigned at the command prompt 70-642 TS Objective 4.1: Configure a file server 38. In which of the following situations are NTFS permissions in effect? A. When logged on locally B. When accessing folders across the network C. On an Active Directory domain D. All of the above 70-642 TS Objective 4.1: Configure a file server 39. Which of the following techniques can someone use to successfully access NTFS protected files or folders? A. Remove the hard disk containing the files and install it on a different computer B. Reinstall the operating system from the actual physical computer where the files or folders are located C. Boot the computer on a different operating system with a boot disk D. All of the above 70-642 TS Objective 4.1: Configure a file server
6
150
MCTS: Windows Server 2008 70-642 Q&A
40. Which of the following techniques can someone use to successfully access EFS protected files or folders? A. Remove the hard disk containing the files and install them on a different computer B. Reinstall the operating system from the actual physical computer where the files or folders are located C. Boot the computer on a different operating system with a boot disk D. None of the above 70-642 TS Objective 4.1: Configure a file server 41. Where do you find the EFS encryption option? A. From the Advanced button on the General tab B. On the Special tab of the File or Folder Properties dialog box C. On the Security tab D. On the Advanced tab 70-642 TS Objective 4.1: Configure a file server 42. When EFS is enabled on certain files, how do those files appear when viewed in Windows Explorer? A. Normal looking B. Blue C. Green D. Pink 70-642 TS Objective 4.1: Configure a file server 43. The first time EFS is enabled on a standalone computer, you may be prompted to back up your key. Do you need to back up the key? A. Keys are stored in AD and don’t need to be backed up B. Backup keys are important in case you lose your password C. Backup keys are important for standalone computers D. EFS files can be accessed by copying them to another computer 70-642 TS Objective 4.1: Configure a file server 44. If you need to share an EFS protected file on the network, you will have to do which of the following? A. You cannot share EFS encrypted files B. Open the Properties box, select Advanced, and then add the shared user to the User Access dialog box C. Open the Properties box, select Advanced, and then select Share D. Nothing 70-642 TS Objective 4.1: Configure a file server
Chapter 6
Configuring File and Print Services
151
45. Which of the following Windows operating systems have the File Services server role? A. Windows Server B. Windows Server 2000 C. Windows Server 2003 D. Windows Server 2008 E. All of the above 70-642 TS Objective 4.1: Configure a file server 46. Which of the following File Services roles will support connectivity for UNIX clients? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 47. Which of the following File Services roles will allow you to use the Share and Storage Management snap-in? A. DFS B. File Server C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 48. Which of the following File Services roles will prompt you to configure a namespace to utilize it? A. DFS B. File Server C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 49. Which of the following File Services roles will support configuring disk quotas? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server
6
152
MCTS: Windows Server 2008 70-642 Q&A
50. Which of the following File Services roles will prompt you to enable indexing on the local disks? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 51. Which of the following File Services roles will support connectivity for Windows Server 2003 file servers? A. File Server B. DFS C. File Server Resources Manager D. Windows Server 2003 File Services E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 52. Which of the following File Services roles will install tools for generating storage reports? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 53. Which of the following File Services roles will allow files to be replicated between servers? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 54. Which of the following File Services roles will support connectivity for clients that use Network File System (NFS) for file sharing? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server
Chapter 6
Configuring File and Print Services
153
55. Which of the following File Services roles will support defining file screening policies? A. File Server Resources Manager B. File Server C. DFS D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 56. Which of the following File Services roles is not intended for enterprise use? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.1: Configure a file server 57. You are adding the File Services roles to your Windows Server 2008 machine.Where do you begin? A. Open Server Manager B. Use the command prompt C. Open the MMC D. Any of the above 70-642 TS Objective 4.1: Configure a file server 58. Which of the following is NOT a File Services role? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. IIS 70-642 TS Objective 4.1: Configure a file server 59. Disk quotas are used to monitor user disk space usage. Which of the following can be used to configure disk quota in Windows Server 2008? A. Quota Management console B. The dirQuota command C. Group Policy D. Windows Explorer E. All of the above 70-642 TS Objective 4.5: Manage disk quotas
6
154
MCTS: Windows Server 2008 70-642 Q&A
60. Which disk quota tool is recommended for Windows Server 2008? A. Quota Management console B. DirQuota C. Group Policy D. Windows Explorer 70-642 TS Objective 4.5: Manage disk quotas 61. Which of the following Windows Server 2008 Services roles will you install to use the Quota Management console? A. File Server B. DFS C. File Server Resources Manager D. Services for Network File Systems E. Windows Search Service 70-642 TS Objective 4.5: Manage disk quotas 62. The Quota Management console provides which of the following to manage disk storage in Windows Server 2008? A. Hard Quota B. Extensions C. E-mail warning D. Soft Quotas E. All of the above 70-642 TS Objective 4.5: Manage disk quotas 63. The Quota Management console is based on standard templates as examples but custom templates can be created. What is the first step in creating a custom template? A. Download the custom template B. In the Quota Template dialog box, click New Custom Template C. Copy a standard template D. Any of the above 70-642 TS Objective 4.5: Manage disk quotas 64. Which of the following defines what happens when a user reaches a quota or percentage of a quota? A. Threshold B. Alert C. Critical Warning D. Step 70-642 TS Objective 4.5: Manage disk quotas
Chapter 6
Configuring File and Print Services
155
65. Which of the following are options on the Add Threshold dialog box? A. Email B. Command C. Event log D. Report E. All of the above 70-642 TS Objective 4.5: Manage disk quotas 66. Disk quotas can be configured at the command prompt. Which of the following commands will create a 200MB hard limit on D:\data? A. quota add /path:D:\data /Limit:200MB/Hard B. dirQuota add/path:D:\data /Limit:200MB/Hard C. dirQuota Quota add /path:D:\data /Limit:200MB/Hard D. dirQuota Quota add/path:D:\data /Limit:200MB/Type:Hard 70-642 TS Objective 4.5: Manage disk quotas 67. To obtain information on using the dirQuota command, which of the following commands would you use? A. dirQuota help B. dirQuota /help C. dirQuota /? D. Any of the above will work 70-642 TS Objective 4.5: Manage disk quotas 68. When using disk quotas in Windows Explorer, events are logged when the “Log Event When a User Exceeds their Quota Limit” check box is selected.What is the event ID for this in the system log? A. 36 B. 37 C. 63 D. 64 70-642 TS Objective 4.5: Manage disk quotas 69. When using disk quotas in Windows Explorer, events are logged when the “Log Event When a User Exceeds their Warning Level” check box is selected. What is the event ID for this in the system log? A. 36 B. 37 C. 63 D. 64 70-642 TS Objective 4.5: Manage disk quotas
6
156
MCTS: Windows Server 2008 70-642 Q&A
70. Disk quotas can be enforced with Group Policy settings in Group Policy Manager. Which one of the following policies turns on disk quotas? A. Default Quota Limit and Warning Level B. Log Events When Quota Limit Exceeded C. Enforce Disk Quota Limit D. Enable Disk Quotas 70-642 TS Objective 4.5: Manage disk quotas 71. Disk quotas can be enforced with Group Policy settings in Group Policy Manager. Which one of the following policies defines the quota limit? A. Default Quota Limit and Warning Level B. Log Events When Quota Limit Exceeded C. Enforce Disk Quota Limit D. Enable Disk Quotas 70-642 TS Objective 4.5: Manage disk quotas 72. Disk quotas can be enforced with Group Policy settings in Group Policy Manager. Which one of the following policies will deny disk space to users exceeding quota limits? A. Default Quota Limit and Warning Level B. Log Events When Quota Limit Exceeded C. Enforce Disk Quota Limit D. Enable Disk Quotas 70-642 TS Objective 4.5: Manage disk quotas 73. Sharing a folder from Windows Explorer allows users on other computers to access the share locally on their computers.Which of the following permissions found in the Windows Server 2008 File Sharing dialog box provides just read and write access? A. Reader B. Contributor C. Co-owner D. Owner 70-642 TS Objective 4.1: Configure a file server 74. The Provision a Shared Folder wizard allows you to do which of the following by following the steps in the wizard? A. Configure quotas B. Set NTFS permissions C. Set share protocols D. Filter file types E. Publish to DFS F. All of the above 70-642 TS Objective 4.2: Configure Distributed File System
Chapter 6
Configuring File and Print Services
157
75. Client computers can connect to shared folders across the network with the following format: \\server_name\share_name. Which of the following best describes this format? A. DFS B. Net share C. UNC D. SMB 70-642 TS Objective 4.2: Configure Distributed File System 76. What is the main advantage of an organization utilizing the Distributed File System? A. It provides for hundreds of file servers B. It allows you to connect to a share with a UNC path C. It provides a single namespace and single drive letter for all shares D. All of the above 70-642 TS Objective 4.2: Configure Distributed File System 77. If your Active Directory domain is DTILearning.com, which of the following would you use to create the DFS namespace? A. DTILearning.local B. DFS.DTILearning C. \\dtilearning\dts D. \\dtilearning.com\dfs_name 70-642 TS Objective 4.2: Configure Distributed File System 78. After adding the DFS role to your Windows Server 2008 computer, which of the following names will you need to enter into the DFS New Namespace wizard? A. Server name B. Share name C. Domain name D. All of the above 70-642 TS Objective 4.2: Configure Distributed File System 79. After the DFS service is installed and the namespace is created, the DFS settings are adjusted using the Namespace Properties dialog box. Which of the Namespace Properties dialog box tabs allows you to enter a description for the namespace? A. General B. Referrals C. Advanced D. None of the above has that option 70-642 TS Objective 4.2: Configure Distributed File System
6
158
MCTS: Windows Server 2008 70-642 Q&A
80. After the DFS service is installed and the namespace is created, the DFS settings are adjusted using the Namespace Properties dialog box. Which of the Namespace Properties dialog box tabs allows you to change how clients access the root of the namespace? A. General B. Referrals C. Advanced D. None of the above 70-642 TS Objective 4.2: Configure Distributed File System 81. After the DFS service is installed and the namespace is created, the DFS settings are adjusted using the namespace properties dialog box. Which of the Namespace Properties dialog box tabs allows you to choose from querying a PDC or using the closest DC for namespace changes? A. General B. Referrals C. Advanced D. None of the above has that option 70-642 TS Objective 4.2: Configure Distributed File System 82. The Referrals tab of the DFS Properties dialog box controls how multiple targets in a referral list are ordered.Which of the following options will direct DFS clients to the closest target computer? A. Random Order B. Lowest Cost C. Exclude Targets Outside of Client Site D. None of the above 70-642 TS Objective 4.2: Configure Distributed File System 83. One of Windows Server 2008 backup capabilities is the shadow copies feature.Which of the following best describes its main purpose? A. Network backup capability B. Off-site backups C. Allows backup software access to file in use D. All of the above 70-642 TS Objective 4.3: Configure shadow copy services 84. On which tab of the Managing Shadow Copies dialog box would you set the size limits for the shadow copy? A. Shadow Copies dialog box B. Select a Volume list C. Settings D. Schedule 70-642 TS Objective 4.3: Configure shadow copy services
Chapter 6
Configuring File and Print Services
159
85. If an application updates a file after a shadow copy is made, the old file is replaced with the new one. A. True B. False 70-642 TS Objective 4.3: Configure shadow copy services 86. From the command prompt, which command would you use to view available shadow copies and the time they were created? A. list shadows B. vssadmin shadowsstorage C. vssadmin list shadows D. vassadmin listshadowsstorage 70-642 TS Objective 4.3: Configure shadow copy services 87. Which command would you use at the command prompt to view the storage currently allocated to shadow copies? A. vssadmin list Original Volume B. vssadmin list shadowstorage C. vssadmin show Originating Machine D. vssadmin view Shadow copy volume 70-642 TS Objective 4.3: Configure shadow copy services 88. Windows Backup creates an image in a folder in the root of the backup media. What is that folder called? A. WindowsBackup B. WindowsImage C. WindowsImagBkup D. WindowsImageBackup 70-642 TS Objective 4.4: Configure backup and restore 89. The Windows Backup disk images are in the same format as the Complete PC Backup files created in Windows Vista. What is the naming format for the .vhd disk image? A. "Backup" B. "Backup" C. "Backup<month>" D. "Backup<month>" 70-642 TS Objective 4.4: Configure backup and restore 90. The Windows Backup Scheduling wizard can schedule a backup to run automatically.Which of the following does scheduling a backup require? A. Shared folder B. Network share C. Dedicated local disk D. Any of the above 70-642 TS Objective 4.4: Configure backup and restore
6
160
MCTS: Windows Server 2008 70-642 Q&A
91. The Windows Backup Scheduling wizard is used to schedule a backup to run automatically. After selecting the local dedicated disk on the Select Destination Disk page to hold the backup, what does the wizard do next? A. Labels the disk B. Formats the drive C. Asks you to name the backup D. None of the above 70-642 TS Objective 4.4: Configure backup and restore 92. Backups can be performed from a command prompt with which of the following commandline tools? A. wbadmin B. vssadmin C. icadmin D. wbadmin 70-642 TS Objective 4.4: Configure backup and restore 93. To run a backup using the wbadmin tool, which of the following commands would you add to the –backupTarget parameters? A. wbadmin B. wbadmin start backup C. wbadmin run D. wbadmin backup 70-642 TS Objective 4.4: Configure backup and restore 94. To recover files using the Windows Server Backup, you use the Recovery wizard. Which of the following types of recovery can you choose from? A. Files and Folders B. Volumes C. Applications D. All of the above 70-642 TS Objective 4.4: Configure backup and restore 95. In the event that Windows Server does not start, you can still recover the system volume from a backup. How will you start the computer to begin the recovery? A. From a boot disk B. From a DOS disk C. From the Windows Server 2008 media D. Any of the above will work 70-642 TS Objective 4.4: Configure backup and restore
Chapter 6
Configuring File and Print Services
161
96. What is the Windows backup option called that will restore a Windows Server 2008 computer completely from a backup? A. System state data B. Windows Backup C. Restore wizard D. Windows Complete PC Restore 70-642 TS Objective 4.4: Configure backup and restore 97. Windows Server 2008 provides printer management through several tools and controls. Which of the following is NOT one of those tools or controls? A. From the Control Panel B. Using the Print Management snap-in C. Using the command line D. From Computer > My Printers 70-642 TS Objective 4.6: Configure and monitor print services 98. While configuring print services in Server Manager, the Print Services Role page describes three roles for printing. Which of the following Print Services roles would you select to use the Line Printer Daemon protocol? A. Print Server B. LPD Service C. Internet Printing D. None of the above 70-642 TS Objective 4.6: Configure and monitor print services 99. While configuring print services in Server Manager, the Print Services Role page describes three roles for printing. Which of the following Print Services roles would you select to use IPP? A. Print Server B. LPD Service C. Internet Printing D. None of the above 70-642 TS Objective 4.6: Configure and monitor print services 100. While configuring print services in Server Manager, the Print Services Role page describes three roles for printing. Which of the following Print Services roles would you select if you wanted to use the Print Management snap-in? A. Print Server B. LPD Service C. Internet Printing D. None of the above 70-642 TS Objective 4.6: Configure and monitor print services
6
162
MCTS: Windows Server 2008 70-642 Q&A
101. When installing a printer, which of the following would be the local printer? A. The wireless printer B. The Bluetooth printer C. The one attached to the network D. The one attached to the server 70-642 TS Objective 4.6: Configure and monitor print services 102. When the Windows Server 2008 Print wizard cannot identify or install the print driver for you, the Install the Print Driver page appears. If you have a CD from the printer’s manufacturer, which of the following options should you use? A. Windows Update to get the latest drivers B. Select Have Disk C. Select a manufacturer D. Select the printer 70-642 TS Objective 4.6: Configure and monitor print services 103. The easiest way to share printers is to right-click the printer in the Control Panel and select Share. In the Print Management snap-in, you then select the printer you want to share and right-click it. What options are available in the Print Management snap-in? A. Render Print Jobs on Client Computers B. Show Printer in Directory C. Allocate This Printer D. All of the above 70-642 TS Objective 4.6: Configure and monitor print services 104. By default everyone can print and manage their own documents.Administrators can also configure printer permissions. Which of the following is NOT a printer permission? A. Manage Documents B. Manage Printers C. Manage Shares D. Print 70-642 TS Objective 4.6: Configure and monitor print services
CHAPTER
7
MONITORING AND MANAGING A NETWORK INFRASTRUCTURE T
his chapter contains 112 questions that all fall under Microsoft’s fifth main exam objective for the 70-642 exam, “Monitoring and Managing a Network Infrastructure.” This main objective consists of the following four sub-objectives: ■ ■ ■ ■
Configure Windows Server Update Services (WSUS) server settings Capture performance data Monitor event logs Gather network data
TEST PREPARATION QUESTIONS 1. What is the Windows Server Update Services (WSUS)? A. Windows Updates B. An offline version of Windows Update C. A private update service D. All of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 2. What is NOT an advantage of using a private version of windows updates versus the Windows Update available from the Internet? A. Controlling bandwidth utilization B. Controlling update distribution C. Getting latest updates D. Gaining administrative control over updates 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 3. Reorder the following list of WSUS update activities into the correct order, from first to last. A. Requests administrative approval B. Prioritizes updates C. Downloads updates D. Connects to Windows Update E. Clients check for updates 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
163
7
164
MCTS: Windows Server 2008 70-642 Q&A
4. Which of the following does the WSUS client NOT do? A. Checks Windows Update for current critical updates B. Verifies the digital signature C. Notifies the user D. Turns on the computer if it is sleeping 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 5. Which of the following activities will Windows Update Services perform on its client computers? A. Wake and install updates on PCs with supported hardware B. Install and restart PCs C. Install updates when a PC is turned on D. Install updates at a specified time E. All of the above F. None of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 6. The Windows Update client for WSUS verifies the digital signature and hash from the WSUS server. What type of hash algorithm does WSUS use? A. MD5 B. RSA C. AES D. SHA1 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 7. Windows Update settings need to be applied to all the computers that are in your network. Which choice is the best way to apply the settings? A. Specify updates service location B. Use the Group Policy settings C. Specify the web settings D. Any of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 8. Where would you find the Windows Update Group Policy settings? A. Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update B. User Configuration\Policies\Administrative Templates\Windows Components\Windows Update C. Computer Configuration\Administrative Templates\Windows Components\Windows Update D. User Configuration\Administrative Templates\Windows Components\Windows Update 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
Chapter 7
Monitoring and Managing a Network Infrastructure
165
9. The Automatic Update Detection Frequency policy specifies how often the Windows Update client checks for new updates. What is the default frequency setting? A. 10 hours B. 15 to 20 hours C. 17 to 22 hours D. 20 to 24 hours 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 10. Which of the following Windows Update Group Policy settings determines if the client will install the updates that don’t require a restart right away? A. Specify Internet Microsoft Updates Service B. Configure Automatic Updates C. Allow Automatic Updates Immediate Installation D. Allow Non-Administrators to Receive Update Notifications 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 11. Which of the following Windows Update Group Policy settings is used to configure whether the user is prompted to install the updates or the Windows Update client automatically installs them? A. Specify Internet Microsoft Update Service Location B. Configure Automatic Updates C. Automatic Update Detection Frequency D. Allow Automatic Updates Immediate Installation 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 12. Which one of the following WSUS Group Policy settings is found under both the User configuration and Computer configuration? A. Allow Signed Updates from an Internet Microsoft Update Service B. Enable Windows Update Power Management to Automatically Install Scheduled Updates C. Do Not Display “Install Update and Shut Down Option” in Shut Down Dialog Box D. Delay Restart for Scheduled Installations 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 13. Which one of the following WSUS Group Policy settings is found under the User configuration? A. Allow Signed Updates from an Internet Microsoft Update Service B. Enable Windows Update Power Management to Automatically Install Scheduled updates C. Delay Restart for Scheduled Installations D. Remove Access to Use All Windows Update Features 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
7
166
MCTS: Windows Server 2008 70-642 Q&A
14. WSUS scales well to large enterprises. What is the number of computers in each regional office that would require a separate WSUS server? A. 5 B. 10 C. 2 D. 7 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 15. What are the typical backup and redundancy requirements for a WSUS server? A. WSUS database backups B. Daily backups and 100% redundancy C. 99.9% availability D. No backup required 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 16. How long can a WSUS server be unavailable in the event of a server failure? A. Daily backups, 100% redundancy, and restore immediately B. Should be restored as soon as possible C. Should be restored within a week of failure D. No backup required 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 17. In a single location, how many WSUS servers are required? A. 1 per 100 B. 1 per 15 C. 1 per 1000 D. 1 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 18. What are the WSUS server requirements for organizations with multiple remote offices connected by WAN links? A. Only one WSUS server is needed per enterprise B. One WSUS server per AD site C. One WSUS server for each remote location that is separated by a WAN connection D. One WSUS server per 100 computers 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 19. How should the WSUS servers be configured in an organization with multiple local offices separated by WAN connections to optimize and control management of the updates? A. In a hub and spoke organization B. In a hierarchical organization C. Each WSUS server receives updates from Microsoft Updates D. None of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
Chapter 7
Monitoring and Managing a Network Infrastructure
167
20. Which of the following is a requirement of all computers that are participating in WSUS deployment? A. They must be running Windows 2000 with service pack 3 or 4 B. They must be running Windows XP Professional C. They must be running Windows Vista business D. They must be able to establish HTTP connections to the Internet and to each other 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 21. Which of the following client operating systems do not meet the requirement for computers to utilize WSUS server updates? A. Windows XP Home B. Windows 2000 with SP3 or SP4 C. Windows XP Professional D. Windows Vista 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 22. Which of the following server operating systems meets the requirement for WSUS deployment? Choose the best answer. A. Windows NT Server B. Windows Server 2000 C. Windows Server 2003 D. Windows Server 2008 E. Windows Server 2000 and Server 2003 F. Windows Server 2003 and Server 2008 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 23. WSUS servers can retrieve updates from which of the following? A. Microsoft Updates B. Another WSUS server C. Both Microsoft Updates and another WSUS server D. Any update site 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 24. If you have more than one WSUS server and you configure them to receive updates from another WSUS server, you can choose to synchronize approvals, settings, and computers from the parent WSUS server. This in effect makes the server which of the following? A. Servant B. Replica C. Clone D. None of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
7
168
MCTS: Windows Server 2008 70-642 Q&A
25. When WSUS servers are configured as replicas by synchronizing approvals and settings, which of the following is true? A. Update must be approved B. Bandwidth may be optimized C. WAN usage may be limited D. Updates do not need to be approved on the replica 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 26. When a WSUS server is autonomous, which of the following is true? A. Autonomous WSUS server updates must be approved B. Server updates do not have to be approved C. Autonomous WSUS servers must connect directly to Windows Updates D. Autonomous WSUS servers are replicas of their parent servers 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 27. WSUS servers can be configured to store updates locally or can direct clients to download them from Microsoft. When stored locally, what is the minimum storage requirement? A. 500MB B. 5GB C. 6GB D. 8GB 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 28. When the decision to store updates locally is made, which of the following will affect the disk storage requirements? A. Number of clients B. Number of languages supported C. Number of client operating systems D. All of the above will affect storage requirements 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 29. Although it requires local disk storage, which of the following is an advantage of local update retention? A. Higher security B. Redundancy C. Availability D. Reduced Internet bandwidth usage 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
Chapter 7
Monitoring and Managing a Network Infrastructure
169
30. The WSUS server stores the updates in a Windows internal database. What is the minimum disk space requirement for the internal database? A. 1GB B. 2GB C. 3GB D. 5GB 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 31. When configuring WSUS updates to download, why should you select only languages that are specific to the client computer? A. To save time authorizing updates B. To save space C. To make updates run faster D. All of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 32. Why should downloading updates in all languages be avoided? A. To save disk space and download bandwidth B. Because costs will be too high C. Because updates to client computers will be in different languages D. Downloads are available only in English 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 33. Microsoft Updates are available for which of the following applications and products? A. Microsoft Office B. Microsoft Server C. Microsoft Exchange Server D. ISA Server E. SQL Server F. All of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 34. Which of the following tools can identify which client computers have missing updates? A. Windows Update Console B. Installation Manager 2007 C. MQSA D. NAS E. All of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
7
170
MCTS: Windows Server 2008 70-642 Q&A
35. Which of the following tools can identify which computers have missing updates, regardless of whether they are WSUS clients? (Choose two.) A. Windows Update Console-Computer and Reports B. Configuration Manager 2007 C. MBSA D. NAP E. Microsoft Systems Management Server F. All of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 36. Which of the following tools can identify a computer on your network that is not updated or is out of date and remove it from the network? A. Windows Update Console B. Configuration Manager 2007 C. MBSA D. NAP 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 37. WSUS server is available from which of the following sources? A. Windows SUS is included with Windows Server 2008 B. Windows SUS is included with Windows Server 2003 C. WSUS is downloaded from Microsoft D. WSUS is downloaded from Windows Updates 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 38. After installing the WSUS service, what is the first step in preparing the service for use? A. Configuring the Update Console B. Synchronizing C. Installing the client software D. None of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 39. Which of the following WSUS options will allow you to configure the server as an upstream WSUS server or to receive updates directly from Microsoft? A. Update Files and Languages B. Products and Classifications C. Update Source and Proxy Server D. Computers 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
Chapter 7
Monitoring and Managing a Network Infrastructure
171
40. Which of the following is NOT a typical computer group used to test updates for deployment into your enterprise? A. Beta B. Testing C. Pilot D. Production 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 41. When creating WSUS Server computer groups in a small organization, which of the following will you most likely be using to create your groups? A. Server-side groups B. Group Policy grouping C. Client-side targeting D. Server-side targeting 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 42. To begin using WSUS, open the Update Console to create computer groups. The default computer group is called which of the following? A. Default B. Group C. All Computers D. Computers 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 43. You have begun to configure your WSUS server and are creating a new computer group. Where do you create additional computer groups? A. Update Service Console B. Right-click the All Computers group C. Choose the Action menu from the Update Console D. Choose ADD Computer group from the console tree 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 44. You have begun to configure your WSUS server and have created a new computer group. You will be using server-side targeting to add computers to the new computer groups. How would you do this? A. Use Update Service Console B. Choose the Action menu from the Update Console C. Right-click the All Computers group and choose the unassigned computer D. Right-click the All Computers group 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
7
172
MCTS: Windows Server 2008 70-642 Q&A
45. You are assigning computers to groups in your WSUS server.You are using client-side targeting. What is the first step to assign clients to a computer group? A. Select Unassigned Computers and right-click to assign to a group B. Select Options > Use Group Policy Settings C. On the client, select the Enable Client Side Targeting Policy setting D. Select Options > Computers > Use Group Policy Settings 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 46. You are setting up your WSUS server and have chosen to use client-side targeting to create your computer groups. After selecting the Use Group Policy Settings in the Update Services console, what is the next step in placing your computers into groups? A. Configure the Policy setting on the clients B. Configure a GPO for each group you want to create and apply them to the appropriate computers C. Right-click the unassigned computer and choose Change Membership D. Any of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 47. You are setting up your WSUS server and have selected to use client-side targeting to create your computer groups. After selecting the Use Group Policy Settings in the Update Services console, what is the Group Policy setting you will use to assign your client computers to the WSUS groups? A. Computer Configuration\Policies\Administrative Templates\Windows Components\ Windows Update B. User Configuration\Policies\Administrative Templates\Windows Components\ Windows Update C. Enable Client-Side Targeting D. Enable Server-Side Targeting 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 48. You are in the process of setting up your WSUS server to receive updates.Which of the following will you enter into the Set The Internet Update Service For Detecting Updates box? A. Your domain name B. http://Windowsupdate C. http://WSUS D. http://Your_WSUS_Computer_Name 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
Chapter 7
Monitoring and Managing a Network Infrastructure
173
49. You are configuring your Group Policy setting in a GPO to have client computers receive updates from the WSUS server.You have configured the WSUS server location; what is the next step? A. Double-click the Configure Automatic updates and configure the automatic updates settings B. Nothing more is needed C. Click Enable D. Select 4 Auto Download 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 50. You are configuring your Group Policy setting in a GPO to have client computers receive updates from the WSUS server.Which Automatic Update Selection will automatically download and schedule installations? A. Select 1 Auto Download and Schedule Install B. Select 4 Auto Download and Schedule Install C. Select 3 Auto Download D. Double-click Configure Automatic Updates and configure the automatic updates settings 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 51. Once the WSUS server is configured and the clients have the correct Group Policy setting, they will begin receiving updates from the WSUS server.Which of the following is true concerning the updates? A. All updates will be sent to the clients with no further steps B. Only critical updates will be sent C. No updates will be approved by default D. Only security updates will be sent 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 52. You are configuring the manual update settings in your WSUS server. Which of the following is NOT a setting found in the Updates Options settings? A. Critical Updates B. Security Updates C. WSUS Updates D. Patches 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 53. You are adjusting the approval setting for your WSUS server.Which of the following options displays only high-priority updates? A. All Updates B. Critical Updates C. Security Updates D. WSUS Updates 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
7
174
MCTS: Windows Server 2008 70-642 Q&A
54. You are adjusting the approval setting for your WSUS server.Which of the following options displays updates related to the update process? A. All Updates B. Critical Updates C. Security Updates D. WSUS Updates 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 55. You are approving updates for a group of computers in your network.You want to set a deadline after which users cannot delay the installation of the update. How do you set a deadline? A. Right-click the computer group and choose Deadline B. Select the updates and right-click them, then select Set Deadline C. Select Deadline from the Status drop-down box D. Deadlines are set automatically every three days 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 56. What does declining an update in the WSUS server console accomplish? A. It prevents updates from being sent B. It tells clients to reject the updates C. It helps organize the updates in the WSUS console D. It removes the updates from the client computers 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 57. You would like to view the reports available for information about updates and computers and the WSUS server synchronization. Where would you view the WSUS reports? A. Event Viewer B. Updates Services Console > Reports node C. Administrative Tools D. Updates Services Console > Computers node 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 58. You have accessed the reports on your WSUS server and want to export a report to an Excel spreadsheet that shows whether each update has been installed on each computer. Which of the following reports should you use? A. Compute Detailed Status B. Update Detailed Status C. Synchronization Results D. Computer Tabular Status 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
Chapter 7
Monitoring and Managing a Network Infrastructure
175
59. The following steps are to be used in the event that there is a problem with either the WSUS server or the client configuration that is preventing the installation of updates. Place the steps in the correct order. A. Examine the system root windowsupdate.log file B. Use the RSoP tool C. Go to http://WSUS_Server_Name/iudent.cab 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 60. During the troubleshooting of a problem with WSUS and a client computer you may need to stop and restart the update service on the client computer. Which of the following commands will stop the client update service? A. net stop wsus B. net stop wuauserv C. net stop Wuau_computer_name D. None of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 61. During the troubleshooting of a problem with WSUS and a client computer you may need to stop and restart the update service on the client computer. Which of the following commands will start the client update service? A. net start wsus B. net start Wuau_computer_name C. net start wuauserv D. Any of the above 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 62. During the troubleshooting of a problem with WSUS and a client computer you may need to make the update service contact the WSUS server.Which of the following commands will force the client to query the update server? A. wuauclt /a B. net start update C. net wuanclt D. net start wuauclt /a 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 63. Windows Server Update Services adds events to the system log every time an update is downloaded or installed.What is the event warning number when it cannot connect to the update service? A. 166 B. 16 C. 116 D. 06 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings
7
176
MCTS: Windows Server 2008 70-642 Q&A
64. You can view Windows Update events in the system log. What is the source for the system log for update events? A. WindowsUpdateClient B. WSUS C. WSUSUPdate D. Windows WSUS 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 65. You have a Windows Vista workstation configured to receive updates automatically from your WSUS server. How do you view which updates have been installed on that computer? A. Start > Control Panel > Updates B. Start > Control Panel > System > Windows Update C. Start > Control Panel > System and Maintenance > Windows Update D. This cannot be done from the client computer 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 66. Which of the following is used to identify an update that may be the source of a problem? A. The process number B. The GUID C. The update number D. The KB number 70-642 TS Objective 5.1: Configure Windows Server Update Services (WSUS) server settings 67. How do you open the tool shown in the image?
Chapter 7
Monitoring and Managing a Network Infrastructure
177
A. Service Manager > Diagnostics > Performance B. Service Manager > Diagnostics > Reliability and Performance > Monitoring > Performance Monitor C. Service Manager > Diagnostics > Monitoring >Performance D. Service Manager > Diagnostics > Reliability and Performance > Monitoring > Reliability 70-642 TS Objective 5.2: Capture performance data 68. In the General tab of the Performance Monitor, you can control the duration box to control how much data is displayed. Which of the following duration settings will display one hour of data? A. 360 B. 3,600 C. 36,000 D. 60 70-642 TS Objective 5.2: Capture performance data 69. In the General tab of the Performance Monitor, you can control the duration box to control how much data is displayed.Which of the following duration settings will display one day of data? A. 86,400 B. 3,600 C. 800 D. 360 70-642 TS Objective 5.2: Capture performance data 70. In Performance Monitor, which tab in the Properties dialog box will allow you to change the colors of a counter? A. General B. Source C. Data D. Graph E. Appearance 70-642 TS Objective 5.2: Capture performance data 71. Which one of the following types of charts is NOT available in Performance Monitor? A. Line B. Histogram bar C. Report D. Pie 70-642 TS Objective 5.2: Capture performance data
7
178
MCTS: Windows Server 2008 70-642 Q&A
72. You want to use Performance Monitor to show log files that you have saved as a data collector set. Which tab of the Performance Monitor Properties dialog box will you select to change the display? A. General B. Source C. Data D. Graph E. Appearance 70-642 TS Objective 5.2: Capture performance data 73. Performance Monitor allows you to have several different windows open at the same time. To help distinguish between the different windows, Performance Monitor allows you to change the background colors. Which tab would you use to change the background color? A. General B. Source C. Appearance D. Data E. Graph 70-642 TS Objective 5.2: Capture performance data 74. Performance Monitor typically displays graphical information from the left. If you want to view graphing information from right to left, which tab would you use to change the way data scrolls? A. General B. Source C. Appearance D. Graph E. Data 70-642 TS Objective 5.2: Capture performance data 75. Reliability Monitor tracks a computer’s failures and new software installations to create a reliability index. Which of the following index levels is considered the best by Reliability Monitor? A. 100 B. 50 C. 10 D. 9 70-642 TS Objective 5.2: Capture performance data
Chapter 7
Monitoring and Managing a Network Infrastructure
179
76. Reliability Monitor tracks a computer’s failures and new software installations to create a reliability index. Which of the following index levels is considered the lowest by Reliability Monitor? A. 0 B. 50 C. 10 D. 9 70-642 TS Objective 5.2: Capture performance data 77. Reliability Monitor tracks a computer’s failures and new software installations to create a reliability index. A computer that has no recent failures and no new software installations would typically receive an index rating of _____ by Reliability Monitor. A. 0 B. 10 C. 5 D. 1 70-642 TS Objective 5.2: Capture performance data 78. In the image shown here of the Reliability Monitor, what is displayed across the top?
A. Daily Data Points B. Hardware Failures C. Successful and unsuccessful software installs D. Windows Failures 70-642 TS Objective 5.2: Capture performance data
7
180
MCTS: Windows Server 2008 70-642 Q&A
79. In the image here of the Reliability Monitor, what is shown in the bottom of the graph?
A. Hardware Failures B. Daily Data Points C. Successful and unsuccessful software installs D. Windows Failures E. Miscellaneous Failures 70-642 TS Objective 5.2: Capture performance data 80. What does the Reliability Monitor use to gather the information necessary to create the index values? A. RAK B. RAC C. RAID D. ACAgent 70-642 TS Objective 5.2: Capture performance data 81. The Reliability Monitor runs a hidden scheduled task with RACAgent.exe once an hour. How can you view the hidden tasks with the Reliability Monitor? A. Task Scheduler B. Action menu > View Tasks C. Action Properties > View Task D. View menu > Show Hidden Tasks 70-642 TS Objective 5.2: Capture performance data
Chapter 7
Monitoring and Managing a Network Infrastructure
181
82. Which of the following is NOT collected in a data collector set? A. Configuration settings B. Performance data C. System drivers D. System information 70-642 TS Objective 5.2: Capture performance data 83. Windows Server 2008 includes several built-in data collector sets that can be used to troubleshoot various problems.Which of the following data collector sets would you use to help troubleshoot a VPN connection? A. System Diagnostics B. System Performance C. LAN Diagnostics D. Wireless Diagnostics 70-642 TS Objective 5.2: Capture performance data 84. Windows Server 2008 includes several build-in data collector sets that can be used to troubleshoot various problems.Which of the following data collector sets would you use to help troubleshoot a problem with hardware? A. System Diagnostics B. System Performance C. LAN Diagnostics D. Wireless Diagnostics 70-642 TS Objective 5.2: Capture performance data 85. To use a data collection set, right-click it and choose Start. For how long will the System Performance Diagnostics Data Collection Set collect information? A. 1 minute B. 3 minutes C. 30 seconds D. 5 minutes 70-642 TS Objective 5.2: Capture performance data 86. To use a data collection set, you right-click it and choose Start. For how long will the LAN Diagnostics Data Collection Set collect information? A. 1 minute B. 3 minutes C. 5 minutes D. Unlimited 70-642 TS Objective 5.2: Capture performance data
7
182
MCTS: Windows Server 2008 70-642 Q&A
87. To use a data collection set, you right-click it and choose Start. For how long will the Wireless Diagnostics Data Collection Set collect information? A. Unlimited B. 1 minute C. 3 minutes D. 5 minutes 70-642 TS Objective 5.2: Capture performance data 88. After running a data collection set, the report is stored in the Reliability and Performance Reports node. Reports are automatically named using which of the following conventions? A. Yydd#### B. Yyyymmdd#### C. Yyyy#### D. Ddmmyyyy#### 70-642 TS Objective 5.3: Monitor event logs 89. All but one of the following Windows platforms can collect events from remote computers. Which operating system cannot collect event data remotely? A. Windows Vista B. Windows Server 2003 R2 C. Windows XP D. Windows Server 2008 70-642 TS Objective 5.3: Monitor event logs 90. To use event forwarding, you need to configure both the forwarding and collecting computers. Which of the following is used to forward the events? A. HTTP/HTTPS B. SMTP C. Cable Connections D. Any of the above 70-642 TS Objective 5.3: Monitor event logs 91. Which of the following is used to configure the event forwarding on Windows Vista and Windows Server 2008 computers from the command line? A. Remote Management B. Windows Management Controller C. WinRM D. WRM 70-642 TS Objective 5.3: Monitor event logs
Chapter 7
Monitoring and Managing a Network Infrastructure
183
92. Which of the following is the service that runs the collection of the forwarded events on the collecting computer? A. WinRM B. WinSubscription C. Windows Collection D. Windows Event Collection 70-642 TS Objective 5.3: Monitor event logs 93. To configure a Windows Server 2008 computer as a collector, you use a command-line tool or click which of the following in Event Viewer? A. Collections B. Forwarding C. Subscriptions D. None of the above 70-642 TS Objective 5.3: Monitor event logs 94. You want to start the Subscription Service in Windows Server 2008.Which choice represents the best way to get this dialog box to start the service?
7
A. Select Subscriptions in Server Manager B. Double-click Subscriptions in Event Viewer C. Select Collection in Event Viewer D. Select Subscriptions and right-click in Event Viewer 70-642 TS Objective 5.3: Monitor event logs
184
MCTS: Windows Server 2008 70-642 Q&A
95. This is the Event Subscription Properties dialog box in Windows Server 2008. How do you open the subscription form to create an event subscription?
A. Server Manager > Diagnostics > Event Viewer node > Subscriptions B. Server Manager > Roles > Subscriptions C. Server Manager > Features > Event Forwarding D. Server Manager > Diagnostics > Subscriptions 70-642 TS Objective 5.3: Monitor event logs 96. There are three types of subscriptions that can be configured for event forwarding.Which of the following is NOT one of the three subscription types? A. Normal B. Minimized Bandwidth C. Optimized D. Minimum Latency 70-642 TS Objective 5.3: Monitor event logs 97. You want to configure your event forwarding to use the encrypted HTTPS protocol. How would you configure the forwarding computer to use secure HTTPS? A. Select HTTPS from the Subscription form B. Run winrm quickconfig –transport:https C. Run wecutil qc D. Configure the sending computer with a certificate 70-642 TS Objective 5.4: Gather network data
Chapter 7
Monitoring and Managing a Network Infrastructure
185
98. Windows Network Monitor is a powerful network analyzer. Where do you find Network Monitor in Windows Server 2008? A. Server Manager B. Event Viewer C. Administrative Tools D. Downloaded from Microsoft as a free download 70-642 TS Objective 5.4: Gather network data 99. Place the steps in the correct order to start monitoring after you’ve installed Network Monitor? A. From the Start tab, select the network adapter to monitor B. Click Start > All Programs > Microsoft Network Monitor C. Open the Network Monitor Start page 70-642 TS Objective 5.4: Gather network data 100. Network Monitor offers several different options for monitoring modes. After you select the network adapter you can select the properties for the network adapter and pick from different modes.Which mode will allow you to collect frames sent to other computers on a wired network? A. Private mode B. P-mode C. Inclusive mode D. Q-mode 70-642 TS Objective 5.4: Gather network data 101. Network Monitor offers several different options for monitoring modes. After you select the network adapter you can select the properties for the network adapter and pick from different modes.Which mode will allow you to collect frames sent to other computers on a wireless network? A. Private mode B. P-mode C. Monitor mode D. Q-mode 70-642 TS Objective 5.4: Gather network data 102. If you’re using Network Monitor on a network with a layer two switch to enable monitoring frames that are not directed to your network adapter, you will need to use which of the following switch options? A. A/ Port directing B. VLAN C. Monitoring port D. Port forwarding 70-642 TS Objective 5.4: Gather network data
7
186
MCTS: Windows Server 2008 70-642 Q&A
103. Which command enables network monitoring from a command prompt? A. NMcap B. NETMON.exe C. This function is not available with Network Monitor D. NMcap /network/capture 70-642 TS Objective 5.4: Gather network data 104. Which of the following network monitoring programs will capture network traffic without the burden of first installing a network monitor driver? A. NMcap B. Network Monitor C. Network Monitor OneClick D. Network Monitor QuickClick 70-642 TS Objective 5.4: Gather network data 105. Network Monitor displays several different screens to analyze the captured data.Which pane in Network Monitor is best for viewing a summary of the data in the frame? A. Hex Detail frame B. Frame Details pane C. Frame Summary pane D. Capture tab 70-642 TS Objective 5.4: Gather network data 106. Network Monitor displays several different screens to analyze the captured data.Which pane in Network Monitor is best for browsing all the captured data? A. Hex Detail frame B. Frame Details pane C. Frame Summary pane D. Capture tab 70-642 TS Objective 5.4: Gather network data 107. Finding data in a capture can be difficult due to the number of frames in the capture. Capture Filters can help narrow the search. Which of the following is true about Capture Filters? A. Use Capture Filters on existing data B. Create Capture Filters before starting the capture C. Capture Filters removes frames after they are captured D. Capture Filters results are not created with the standard filters 70-642 TS Objective 5.4: Gather network data
Chapter 7
Monitoring and Managing a Network Infrastructure
187
108. You are configuring a capture filter and want to use a standard filter to show only requests sent to or from the current computer. Which of the following filters will you use? A. IPv4SubNet B. IPv6Address, IPv6Destination Address, and IPv6Source Address C. BaseNetworkTShoot D. MyIPv4Address and MyIPv6Address 70-642 TS Objective 5.4: Gather network data 109. You are configuring a capture filter and want to use a standard filter to show only requests sent to a specific website. Which of the following filters will you use? A. HttpWebSearch B. IPv6Address, IPv6Destination Address, and IPv6Source Address C. MyIPv4Address and MyIPv6Address D. BaseNetworkTShoot 70-642 TS Objective 5.4: Gather network data 110. You are configuring a capture filter and want to use a standard filter to show ping requests. Which of the following filters will you use? A. IPv4SubNet B. BaseNetworkTShoot C. IPv6Address, IPv6Destination Address, and IPv6Source Address D. MyIPv4Address and MyIPv6Address 70-642 TS Objective 5.4: Gather network data 111. You are configuring a capture filter and want to use a standard filter to show the NetBIOS requests sent to or from the current computer. Which of the following filters will you use? A. IPv6Address, IPv6Destination Address, and IPv6Source Address B. MyIPv4Address and MyIPv6Address C. NameResolution D. BaseNetworkTShoot 70-642 TS Objective 5.4: Gather network data 112. You are configuring a capture filter and want to use a standard filter to show only requests sent to or from a specific IPv6 address. Which of the following filters will you use? A. IPv4SubNet B. IPv6Address, IPv6Destination Address, and IPv6Source Address C. MyIPv4Address and MyIPv6Address D. BaseNetworkTShoot 70-642 TS Objective 5.4: Gather network data
7
This page intentionally left blank
Part III
ANSWERS TO PRACTICE TESTS
This page intentionally left blank
ANSWERS FOR CHAPTER
3
CONFIGURING IPV4 AND IPV6 Question Answer 1 A
Explanation 192.168.244.0/23 grants 510 hosts.
2
C
S=2b is the formula for determining the number of subnets in an IPv4 network.
3
B
Using the formula (b= nint – next): b= 27 – 24 = 3. And using the formula for the determining the number of subnets (s=2b): s = 23 = 8.
4
A
255.255.252.0 translates into /22 in slash notation.
5
C
/19
6
A
A default gateway must be on the same broadcast domain and have the same network ID in order for it to work correctly.
7
B
The IPv4 addresses 172.16.0.0 to 172.31.255.254 are reserved for private networks.
8
A; C
Routers block broadcasts and define subnets; subnetting a network allows you to limit the broadcast traffic. Subnetting also causes simplified administration because the control of each subnet can be given to other administrators.
9
B
/25
10
D
255.255.252.0 grants 1022 network hosts.
11
C
ISATAP allows IPv4 to communicate with IPv6 by performing a type of address translation between IPv4 and IPv6.
12
A
6to4 is a protocol that tunnels IPv6 traffic over IPv4 traffic through 6to4 routers.
13
C
Teredo relies on an infrastructure that includes Teredo clients, Teredo servers, Teredo relays, and Teredo host-specific relays.
14
C
2001:DB8:3FA9::D3:9C5A is the shortest form because the leading 0s were dropped and all adjacent zero blocks can be replaced by a set of double colons.
is converted into 255.255.224.0
network grants you 128 addresses, which is enough for the new requirements.
191
3A
192
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 15 D
Explanation The loopback address in IPv6 is ::1.
16
A
The address prefix of fd00:: is used for all ULAs.
17
D
The prefix used for global addresses is 2000::/3.
18
A
Link-local addresses are used only for communication on the local subnet.
19
A; C; F
Addresses are in a tentative state for the brief period of time between first assigning the address and verifying that the address is unique. If the address is unique, it is called preferred and assigned a lifetime. If it exceeds its lifetime it is called deprecated.
20
D
Global addresses can communicate directly with IPv6-only hosts on public networks. This type of address is needed if you want to connect to the Internet.
21
A
Unique local addresses are used like private IPv4 address. They are used in private routing in organizations.
22
B; D; F
The three types of IPv6 addresses are global, link-local, and unique local.
23
B
IPv6 is not backwards compatible with IPv4, and requires separate infrastructure in order to communicate on IPv4 networks.
24
C
6to4 allows an IPv4 host to communicate with IPv6 Internet.
25
C
A Teredo relay is a Teredo tunnel end point. It is an IPv6/IPv4 router that can forward packets between Teredo clients on the IPv4 Internet and IPv6-only hosts.
26
A
The Teredo server helps perform the address configuration of the Teredo client and facilitates initial communication either between two Teredo clients or between a Teredo client and an IPv6 host.
27
C
206.73.118.0/26 grants 62 hosts; the others grant fewer hosts.
28
A; C; D
The three ranges for IPv4 addresses are public, private, and APIPA.
29
C
The Internet Assigned Numbers Authority (IANA) divides up the nonreserved portion of the IPv4 addresses and delegates responsibility for address allocation to different regional registries.
30
A
192.168.1.12 is in the range of private IPv4 addresses.
31
D
The formula to determine the number of subnets in a given network is s = 2b, where b = the number of bits in the subnet ID.
32
B
255.255.0.0 is the same subnet used by the addresses already on the network.
33
B
When using VLSMs, the subnet ID is composed of 1s and a single trailing 0.
34
D
10.200.48.0 with a subnet mask of 255.255.240.0 grants 4094 hosts.
35
A; D
The two parts of an IPv4 address are the host ID and the network ID.
Answers for Chapter 3
Question Answer 36 C
Configuring IPv4 and IPv6
193
Explanation IPv4 addresses are 32 bits in length and composed of four octets of eight bits each.
37
C
Unlike IPv4, IPv6 does not rely on network broadcasts. Instead of broadcasts, IPv6 uses multicast or anycast transmission.
38
B
Unicast IPv6 addresses are divided into two parts: a 64-bit network component and a 64-bit host component.
39
B; E
The three types of IPv6 addresses are link-local, global, and unique local.
40
D
LLAs always begin with fe80.
41
C
003 Router is a preferred list of IPv4 addresses for routers on the same subnet as DHCP clients.
42
C
The option 006 DNS Servers lists the IP addresses for DNS name servers that DHCP clients can contact and use to resolve a domain host name query.
43
C
015 DNS Domain Name is an option that specifies the domain name that DHCP clients should use when resolving unqualified names during DNS domain name resolution.
44
C
044 WINS/NBNS Servers contains the IPv4 addresses of primary and secondary WINS servers for the DHCP client to use.
45
D
046 WINS/NBT Node Type is a preferred NetBIOS name resolution method for the DHCP client to use—such as b-node (0x1) for broadcast only or n-node (0x8) for a hybrid of the point-to-point and broadcast methods.
46
D
051 Lease is an option that assigns a special lease duration only to remote access clients.
47
B; C
The Specify IPv4 DNS Server Settings page of the Add Roles wizard gives you the ability to change the 015 DNS Domain Names and the 006 DNS Servers options for all scopes that you will create on the DHCP server.
48
D
The Specify IPv4 WINS Server Settings page enables you to configure the 044 WINS/NBNS Server options, in which you can assign a WINS server list to clients.
49
B
Before a DHCP server can provide IP address leases to clients, a scope needs to be defined by the DHCP server.
50
C
The default gateway option enables you to configure the 003 Router option.
51
B
An exclusion range is a set of one or more IP addresses that is included within the range of a defined scope but that you do not want to lease to DHCP clients.
52
C
A reservation is used to create a permanent address lease assignment by the DHCP server by associating an IP address with a MAC address.
3A
194
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 53 A; C; D
Explanation You can assign options at the server level, the scope level, and the reservation level.
54
B
Options defined at the server level are inherited by all scopes configured on the server.
55
D
Options defined at the scope level are inherited by all leases and reservations within the scope.
56
B
Options defined at the reservation level apply to that reservation only.
57
B; D
Options classes can be of two types: vendor classes and user classes.
58
B
All clients are assigned the options for the Default User class, except when a client is assigned a class-specific option that conflicts with the Default User class option.
59
C
Creating an exclusion for the address of 192.168.1.10 would still allow the DNS server to use it and would not conflict with the scope.
60
D
start /w ocsetup DHCPServerCore
61
A
To start DHCP for the first time, you need to use the following command: net start dhcpserver.
62
B
To make DHCP start automatically, you use sc config dhcpserver start= auto.
63
B
A vendor class is generally not configurable in the sense that the class identification is built into the software of the client.
64
A
User classes are configurable. Administrators can create new user classes, which they then populate by configuring a setting on the clients they choose.
65
B
The command, ipconfig/setclassid, assigns selected computers to the new user class.
66
B
MCTS is the class ID in the command: ipconfig /setclassid "local area connection" MCTS.
67
B
The command ipconfig /setclassid "local area connection" TS would configure the client to inherit the options defined for the TS class as well as the options defined for the default user class.
68
C
The Default User class is a class to which all DHCP clients belong and the class in which all options are created by default.
69
A
To add an exclusion range, in the DHCP console tree navigate to DHCP \ <server node> \ IPv4 \ Scope \ Address Pool.
70
C
Setting an exclusion range from 192.168.10.20–192.168.10.30 will prevent conflicts with the DHCP scope.
71
D
The Wired subnet type configures a lease with a duration of six days.
is the command used to configure a DHCP server on a Server Core installation of Windows Server 2008.
Answers for Chapter 3
Question Answer 72 A
Configuring IPv4 and IPv6
195
Explanation The Wireless subnet type configures a lease with a duration of eight hours.
73
C
The default gateway option enables you to configure the 003 Router option.
74
A; D
The Subnet Type setting lets you choose from the Wired subnet type or the Wireless subnet type.
75
B
A DHCP server must be authorized before it will issue IP addresses to clients.
76
C
The scope needs to be activated in a domain environment in order for the DHCP server to lease addresses.
77
A
The 003 Router option lets users configure the default gateway, which would be the most likely problem in this situation.
78
B
The server needs to be assigned an address that is located on the same subnet.
79
C
015 DHCP Domain Name is not a valid DHCP option; it should be 015 DNS Domain Name.
80
B
006 DNS Servers is the DHCP option that has the address for the DNS name servers that DHCP clients can contact and use to resolve a domain host name query.
81
B
PathPing provides the more detailed and reliable analysis of network performance.
82
C
Routing protocols simplify configuration and allow routers to automatically adjust when network conditions change.
83
A
Routing Internet Protocol (RIP) is a popular routing protocol.
84
D
Earlier versions of Windows supported the Open Shortest Path First (OSPF) routing protocol, which has been removed from Windows Server 2008.
85
C
The General tab allows you to select whether RIP v1 or RIP v2 is used and whether authentication is required.
86
D
The Security tab allows you to choose whether to filter router advertisements.
87
A
The Neighbors tab allows you to manually list the neighbors that the computer will communicate with.
88
C
The Advanced tab allows you to configure announcement intervals and time-outs, as well as other infrequently used settings.
89
C
Policy is not one of the tabs in the Configure RIP Properties dialog box.
90
A
The four settings tabs are General, Security, Neighbors, and Advanced.
91
B
A router’s IP address must always be on the same subnet as the computer.
3A
196
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 92 B
Explanation Whether you use single or multiple default gateways, you do not need to configure static routing.You simply configure the default gateways using standard network configuration techniques such as DHCP.
93
C
If a computer needs to use different routers to communicate with different remote networks, you need to configure static routing.
94
B
To configure static routing, you use the command-line tool called route.
95
A
route –p 192.168.6.0 Mask 255.255.255.0 192.168.1.4 way to enter the route command-line tool.
96
C
The route print command shows a printout of the routing table.
97
B
When the netmask shows 0.0.0.0, it means that it is the default gateway.
98
C
Any statically added routes show up in the Persistent Routes section of the routing table.
99
D
When the netmask shows 255.255.255.255, it means that it is an interface.
100
A
A loopback interface shows a network destination of 127.0.0.0 or 127.0.0.1.
101
D
A multicast address shows a network destination of 224.0.0.0 on the routing table.
102
B
192.168.0.1 is the default gateway.
103
A
The subnet mask is 0.0.0.0.
104
B
10.10.0.0 with a subnet mask of 255.255.0.0 is the network.
105
B
When the computer wants to send traffic to the 10.10.0.0/16 network, it will send it to the router at 192.168.2.102.
106
B
route add 192.168.6.0 MASK 255.255.255.0 192.168.5.2
107
B
The –p in the route add command makes a route persistent.
108
C; D
PathPing and TraceRT both show the routers that a packet has to travel between the client and server.
109
C
In order to use RIPv2, you must first install the Routing and Remote Access Service.
110
A
You must enable Routing Internet Protocol (RIP) in order for the server to automatically detect each subnet.
111
B; C
RIP and OSPF are examples of Internet protocols.
112
B
Hop is another name for a router or gateway.
113
A
A routing table is a list of all IP destinations and how a computer can connect to them.
114
C
The route print command displays the routing table.
is the correct
will allow the two separate networks to communicate using the new router.
Answers for Chapter 3
Question Answer 115 D
Configuring IPv4 and IPv6
197
Explanation Inactive routes is not part of the routing table.
116
C
When the netmask is 0.0.0.0, it shows the default gateway.
117
B
When the netmask is 255.255.255.255, that route shows an interface.
118
D
If a route shows a network destination of 224.0.0.0, it is a multicast address.
119
D
route print
120
B
If the node is set up to ignore the Internet Control Message Protocol (ICMP), it will not show up on a PathPing or TraceRT report.
121
B
The image shows an example of the PathPing command.
122
A
The image shows an example of the TraceRT command.
123
C
The image shows the static routing table.
124
B
IPSec is a way to secure information sent between two computers on an IP-based network.
125
A; D
IPSec provides data authentication and encryption.
126
A
Data authentication ensures that data is not tampered with during transit.
127
C
The ability to make data unreadable in transit is a part of the encryption service.
128
D
Encryption will make data unreadable to outside users during the transit.
129
B; C
In Windows Vista and Windows Server 2008, IPSec is secured by IPSec policies and connection security rules.
130
C
By default, IPSec policies attempt to negotiate both authentication and encryption services.
131
A
By default, IPSec policies attempt to negotiate only the authentication service.
132
B
To assign an IPSec policy to a specific computer, you must use Local Security policy.
133
A
To assign an IPSec policy to a group of computers, you must use Group Policy.
134
C
Each IPSec policy is made up of one or more IPSec policy rules.
135
A
Each IPSec policy rule is related to one IP filter list and one Filter action.
136
D
An IP filter list consists of a set of one or more IP filters.
137
D
Allow once is not an option for a possible filter action.
138
B
Possible filter actions are block, permit, and negotiate security.
139
B
An IPSec policy rule always has an IP filter list.
140
A
Connection security rules do not consist of filters and filter actions.
will display the routing table, like the one in the exhibit.
3A
198
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 141 C
Explanation Connection security rules apply to all parts of IP traffic, not specific portions.
142
A
You can use the WFAS console to configure connection security rules for any computer in the Windows firewall.
143
C
Data sent between two computers in an IPSec connection is protected and known as a Security Association.
144
A; B
Protection for a Security Association is given by the Authentication Header (AH) and Encapsulation Security Payload (ESP).
145
A
Authentication Header (AH) provides data origin authentication, data integrity, and anti-replay protection for the entire packet.
146
B
Encapsulating Security Payload (ESP) provides data encryption, data encryption, data origin authentication, date integrity, and anti-replay protection for the payload.
147
D
You can use any combination of AH and ESP in order to secure an SA.
148
C
The Internet Key Exchange (IKE) protocol is used to create a common policy to create the SA.
149
B
IKE goes through a two-stage process in order to secure a connection.
150
C
The first stage of an IKE process is called the Main mode negotiation.
151
B
The second stage of an IKE process is called the Quick mode negotiation.
152
C
IPSec is most often used in Transport mode.
153
C
Transport mode is used in most IPSec-based VPNs.
154
D
Tunnel mode allows you to use IPSec on non-compatible VPN gateways.
155
D
In Tunnel mode, an IP packet is secured and then hidden with a new, unprotected IP header.
156
D
Encryption is not one of the three methods of authentication for IPSec.
157
A
Kerberos is the default method of authentication in Active Directory for IPSec.
158
B
Certificates require you to install a certificate on the host from a CA in order to authenticate.
159
C
Preshared Key is the least secure method of authentication for IPSec because it is used only on the end points of the connection.
160
A
A computer assigned with the predefined policy of Client will never attempt to establish an IPSec connection with another computer.
161
B
A computer assigned the default policy of Server will accept unsecure traffic and, if unable to get security, will continue in an unsecure communication.
Answers for Chapter 3
Question Answer 162 C
Configuring IPv4 and IPv6
199
Explanation A computer assigned the Secure Server policy will only accept secure traffic.
163
A
A computer can only have one defined IPSec policy at any given time.
164
A
The Tunnel Endpoint page of the Create IP Security wizard allows you to set IPSec to Tunnel mode.
165
B
The Tunnel Endpoint page of the Create IP Security wizard allows you to set IPSec to Tunnel mode.
166
C
The IP Filter List page allows you to set an IP filter for the rule.
167
B
Deny is not a predefined IP filter on the Filter Action page.
168
A
Permit allows the IP packets to packets to pass through without being secured.
169
C
Request Security will ask for security after it allows the packets to pass through unsecured.
170
D
Require Security will make the local computer get security from the IP source before allowing the connection to take place.
171
B
The Authentication Method page allows you to select the authentication method for your IPSec rule.
172
A
By default, IPSec rules rely on Kerberos.
173
C
There is no encryption page in the New Connection Security Rule wizard.
174
C
The Rule Type page allows you to select the type of rule that you are going to create.
175
D
The Encryption rule is not one of the premade rule types.
176
A
The Isolation rule is used to authenticate based on the profile selected in the Network and Sharing Center.
177
A
The image shows the options for the network locations, used by the Isolation rule.
178
B
Domain isolation is used to describe the ability to use connection security rules to block traffic from computers outside the local domain.
179
B
The Authentication Exemption rule allows users access to specific computers or IP ranges that do not have to be authenticated.
180
C
The Server-To-Server rule allows you to manually authenticate communications between a specific IP address and sets of IP addresses.
181
D
The Tunnel rule type is used to set up IPSec tunnel mode for VPN gateways.
182
C
You can use the Custom rule type to create combinations of other rule types or to define special settings.
3A
200
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 183 B
Explanation The Endpoints page allows you to pick the remote computers that you want to create an IPSec connection with.
184
C
The Requirements page allows you to select whether you want communication to be authenticated.
185
D
The Authentication Method page allows you to select the method used by the computer endpoints to authenticate.
186
C
The Profile page allows you to limit which network location types apply to the rule.
187
D
The name page allows you to add a name and a description to the rule.
188
A; B
The properties of the Windows Firewall with Advanced Security node will give you the ability to modify the IPSec defaults and ICMP exemptions.
189
A
If you follow those directions, you can configure data encryption for connection security rules.
190
C
Changing the setting in the IPSec Settings tab will prevent ICMP messages from being authenticated or encrypted.
191
C
Encapsulating Security Payload (ESP) is the method used by IPSec to encrypt data.
192
C
Because they are both on the same Active Directory forest, you can use Kerberos.
ANSWERS FOR CHAPTER
4
CONFIGURING NAME RESOLUTION Question Answer 1 C
Explanation The best way to install a DNS server on a Domain Controller is to install them both at the same time.
2
A
dcpromo.exe promotes a server to a Domain Controller by installing the AD DS binaries and then running the AD DS Installation wizard.
3
B
The name given to the Active Directory domain during the AD DS Installation wizard is also the name given to the associated DNS zone.
4
C
The option to install a DNS server on a Domain Controller is selected by default in the AD DS Installation wizard.
5
D
If you choose to install a DNS server during the AD DS Installation wizard, it will configure the DNS server and the hosted forward lookup zone for you.
6
B
Click start, go to Administrative Tools, and then select DNS to get to the DNS manager.
7
C
dcpromo
8
B
No, you can’t use a dcpromo to install a DNS server on a stand alone server or on a member server.
9
A
Yes, you can use dcpromo to install a DNS server on a Server Core installation of Windows 2008.
10
B
The command dcpromo /unattend: will install the Active Directory Domain Services role on a Server Core installation of Windows Server 2008.
11
B
To create an answer file you must run dcpromo on a computer running a full installation of Windows Server 2008.
12
A
The command start /w ocsetup DNS-Server-Core-Role will install a DNS server on a standalone or member server running a Server Core installation of Windows Server 2008.
will convert a server to a Domain Controller.
201
4A
202
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 13 B
Explanation The command start /w ocsetup DNS-Server-Core-Role /uninstall will uninstall a DNS server on a standalone or member server running a core installation of Windows Server 2008.
14
B
By default a DNS server starts with no cached information.
15
D
A cached record is not cleared automatically if the client changes information.
16
B
A caching-only server does not have any zones and is not authoritative for any domains.
17
D
A caching-only server can improve performance in WAN links because after the cache is built, traffic on the WAN will decrease.
18
C
A caching-only server does not require very much technical expertise.
19
A
The Interfaces tab allows you to select which interface you want to use to listen for DNS requests.
20
C
By default the DNS server will listen to all IP addresses for DNS requests.
21
B
The Root Hints tab allows you to view the WINDOWS\System32\ Dns\Cache.dns file.
22
C
The Forwarders tab allows you to set up the local DNS server to forward DNS queries to upstream DNS servers.
23
D
A forwarder is a DNS server that receives unresolved queries sent by a forwarding DNS server.
24
B
If a DNS server is configured to use forwarding, it will still only forward after it tries to resolve it using its authoritative data and cached data.
25
B
Using forwards requires significantly more configuration.
26
A
Forwarders can improve your name resolution performance.
27
C
Forwarders allow you to forward all external queries to a DNS server outside your firewall, in order to securely resolve external names.
28
C
Without using forwarding, there is no way for a client in a child domain to resolve a query in a parent domain name.
29
A
Conditional forwarding describes a DNS server’s setup, which allows queries for specific domains to be sent to other specific DNS servers.
30
B
Conditional forwarding is very useful when merging two networks into one.
31
C
In that scenario, the best method to allow for cross company queries is to configure the DNS server to use conditional forwarding.
32
A
You cannot configure conditional forwarding for a domain in the DNS server Properties dialog box.
Answers for Chapter 4
Question Answer 33 C
Configuring Name Resolution
203
Explanation To configure conditional forwarding on a domain, you should use the DNS manager console tree.
34
B
You can replace the cache.dns file with a new file that has the new root servers.
35
B
In order for the networks to function like you want them to, conditional forwarding is the only solution that will work.
36
B
In this window you would select the DNS server role to install a DNS server.
37
C
When using this wizard, the field entered there will become the Active Directory domain name and a DNS zone name.
38
A
Checking the DNS server box will install a DNS server along with an Active Directory Domain Controller.
39
B
The Export Settings box in that window allows you to create an answer file to use in an unattended installation of Active Directory Domain Services.
40
D
The tab shown in that picture is the Root Hints tab.
41
A
When you install a DNS server and a Domain Controller at the same time, a DNS zone is automatically created to be used with Active Directory.
42
B
When you install a DNS server on a preconfigured Domain Controller, you have to create and configure zones manually.
43
C
A DNS zone is a database containing records that link names with addresses for declared parts of a DNS namespace.
44
A
There can only be one authoritative source of zone data for specific parts of a DNS namespace.
45
B
The New Zone wizard can be used to create new zones.
46
C
There is no Static Update page of the New Zone wizard.
47
A
The Zone Type page allows you to create primary, secondary, and stub zones.
48
C
You cannot use the Zone Type page to create forward lookup zones.
49
C
When you create a primary or stub zone you are given the option to store the data in Active Directory.
50
A
Primary is the main type of DNS zone.
51
A
The primary zone allows the local DNS server to answer DNS queries.
52
A
A DNS server becomes the primary source of information about a zone when it hosts the primary zone.
4A
204
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 53 A; B
Explanation The master copy of the server’s zone data can be stored in a local file or in Active Directory Domain Services.
54
C
By default the file is saved as zone_name.dns when stored locally on the DNS server.
55
D
The default location is %systemroot%\system32\DNS folder.
56
A
A secondary zone supplies a backup copy of a primary or another secondary zone, in a read-only format.
57
B
Secondary zones are used in parts of the network that are overused and heavily queried.
58
C
The server hosting the secondary zone will take over the name resolution if the primary zone server goes down.
59
C
The term master is used to describe the source of data for a secondary zone.
60
B
When data is copied from a master to a secondary zone, it is called a zone transfer.
61
D
A master can be a primary or a secondary zone.
62
B
You must set the master when creating the secondary zone.
63
B
Because a secondary zone is a copy of another zone that is hosted on another server, secondary zones cannot be stored in AD DS.
64
A
Stub zones only contain the necessary records to identify the DNS servers for the master zone.
65
B
A stub zone lets a parent zone keep an up-to-date list of the servers available in a child zone.
66
D
A stub zone can be used to make DNS administration easier and improve name resolution.
67
B
When you create a new primary or stub zone, you can also tell the wizard to store the zone in Active Directory.
68
C
Storing zone data in Active Directory eliminates the need to create a secondary server for zone transfers.
69
A
Active Directory performs zone replication for you, so there is no need to set up a method for DNS zone transfers between primary and secondary servers.
70
C
Active Directory allows single properties of resource records to be replicated and updated with DNS servers.
71
B
Using Active Directory integrated zones gives you the ability to require security for dynamic updates.
72
C
For normal Domain Controllers, the zone copy is in read-write format.
Answers for Chapter 4
Question Answer 73 A
Configuring Name Resolution
205
Explanation For read-only Domain Controllers, the zone copy is in read-only format.
74
B
When you clear the “Store the Zone in Active Directory” check box, it creates a standard zone.
75
C
If you’re creating a new zone on a non-Domain Controller, standard zone is your only option.
76
D
A standard zone stores its data in a text file located on the local DNS server.
77
C
All copies of a primary standard zone are in read-write format.
78
A
All copies of a secondary standard zone are read-only.
79
B
Using a standard zone model, if the primary zone becomes deactivated, you cannot make changes to the zone but you can still query for names.
80
D
The Active Directory Zone Replication Scope page appears only if you chose to store the zone in active directory.
81
A
The option To All DNS Servers in this Forest allows you to store the zone on all DNS servers that are also Domain Controllers in the entire Active Directory.
82
B
The option To All DNS Servers in this Domain allows you to store the zone in all DNS servers that are also Domain Controllers in the local Active Directory domain.
83
C
The option To All Domain Controllers in this Domain allows you to store the zone data on all Domain Controllers in the local domain, used for compatibility with Windows 2000.
84
D
The option To All Domain Controllers Specified in the Scope of This Directory Partition allows you to store the zone in all Domain Controllers in a specific scope of a custom Active Directory partition.
85
A
Forward lookup zones map FQDNs to IP addresses.
86
B
Reverse lookup zones map IP addresses to FQDNs.
87
A
Forward lookup zones resolve queries for FQDNs to IP addresses.
88
B
Reverse lookup zones resolve queries for IP addresses to FQDNs.
89
D
A forward lookup zone takes the name of the DNS domain for which it provides resolution.
90
A
A reverse lookup zone is named from the first three octets of the address space for which you want to provide name resolution, reverses them, and adds an ending tag of in-addr.arpa.
91
A
Inside of a forward lookup zone, an entry that maps a host name to an address is called a host or record.
92
B
Inside of a reverse lookup zone, an entry that maps an address host ID to a host name is called a pointer or PTR record.
4A
206
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 93 C
Explanation The names of the zones should match the names of the Active Directory domain for which they are providing name resolution.
94
A
DNS clients with static IP addresses attempt to update host and pointer records.
95
A
DNS clients that are also DHCP clients attempt to update host records only.
96
B
The DHCP server will update the pointer record whenever the IP configuration is renewed.
97
C
A zone must be configured to accept dynamic updates in order for dynamic DNS updates to work.
98
A; C
The two types of dynamic updates are secure and non-secure.
99
B
A secure update only allows registration from Active Directory domain members and updates only from the computer that performed the registration.
100
C
A non-secure update allows updates from any computer.
101
B
The Dynamic Update page of the New Zone wizard does not allow you to specify the zone to allow only non-secure updates.
102
C
ipconfig /registerdns
forces the DNS client to perform a dynamic
update. 103
D
In order for a server to be able to store a zone in Active Directory, it needs to be a Domain Controller.
104
C
Both SOA and NS records are created automatically when you create a new zone.
105
B
SOA records show the basic properties for the zone.
106
D
The NS record has the name of the server that is authoritative for the zone.
107
B
When a zone is loaded on a DNS server, the DNS server uses the SOA record to find the basic and authoritative properties of the zone.
108
A
Located in the Serial Number text box of the Start of Authority (SOA) tab is the revision number of the zone file.
109
B
When a zone has one or more secondary servers and the secondary server queries the master server for the serial number of the zone, it is called an SOA query.
110
B
If after an SOA query the serial numbers of the master zone and secondary server are equal, no transfer is made.
111
A
If after an SOA query the serial number of the master zone is greater than the serial number of the secondary server, the transfer is made.
Answers for Chapter 4
Question Answer 112 C
Configuring Name Resolution
207
Explanation The Increment button forces a zone transfer.
113
B
The Primary Server text box of the Start of Authority (SOA) tab contains information about the full computer name of the primary DNS server in the zone.
114
C
The Responsible Person text box of the SOA tab displays the domain mailbox for the zone administrator.
115
C
Hostmaster is the default value for the Responsible Person text box of the SOA tab.
116
D
The Refresh Interval field of the SOA tab shows the time before a zone renewal.
117
B
The default value for the Refresh Interval is 15 minutes.
118
B
Increasing the Refresh Interval field causes zone transfer traffic to decrease.
119
C
The value placed in the Retry Interval box determines the time between zone renewal attempts after it fails.
120
B
The value placed in the Expires After field determines the length of time a secondary server will continue to answer queries without contact from its master server.
121
D
The default value for the Expires After field of the SOA tab is one day.
122
A
The value configured for the Minimum (default) TTL box determines the default time to live for the resource records in the zone.
123
C
The default value for the Minimum (default) TTL box is one hour.
124
B
The name server record has the name of the server that is authoritative for a zone.
125
A
When hosting a primary zone, the name server record is created automatically.
126
B
When hosting a secondary zone, the name server record must be created manually.
127
D
The Start of Authority (SOA) record is created automatically when you create a zone.
128
A
Mail exchanger (MX) records must always be created manually.
129
A
The host resource records are the majority of resource records in a zone database.
130
C
The host record is used to tie a name to an IP address.
131
D
The problem is most likely caused by a missing host record.
132
B
The command ipconfig /registerdns will manually restart the connection between the client and DNS.
133
C
Alias resource records are also known as canonical names.
4A
208
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 134 B
Explanation Alias resource records allow you to use multiple names for the same host.
135
A
Server names like FTP or WWW are normally registered using alias resource records.
136
C
You would use an alias resource record if you are changing the name of a host and want to keep an A resource record working.
137
C
The type of record used by an email application to find a mail server inside of a zone is a Mail Exchanger resource record.
138
A
A mail exchanger resource record would allow an email address such as
[email protected] to be mapped to the mail host in the zone.
139
D
A mail exchanger resource record would be used if no mail server is specified in an email address.
140
C
Those lines are examples of possible mail exchanger resource records.
141
A
The lower the value the higher the preference, so mailserv1 would be the most preferred mail server.
142
C
Pointer resource records are used in reverse lookup zones to only support reverse lookups.
143
C
That is an example of a pointer resource record.
144
C
A service location resource record is used to find the location of certain services on the domain.
145
A
The correct SRV query is _ldap._tcp.dtilearing.com.
146
D
That is an example of a service record that was added manually.
147
B
A WINS resource record is created when a WINS server is added in the WINS tab in the properties of a forward lookup zone.
148
B
A WINS-R resource record is created when a WINS server is added in the WINS tab in the properties of a forward lookup zone.
149
C
Aging is often used to describe the process of using a timestamp to keep track of the age of dynamically registered resource records.
150
A
Scavenging is used to describe the process of getting rid of old resource records which have timestamps.
151
B
Scavenging can only be used when aging is enabled.
152
D
Aging must be enabled at the server and zone level for a certain zone.
153
A
The default timestamp for a manually created resource record is 0.
154
A
The period after a timestamp where a zone or server will not accept a timestamp is called the No-Refresh interval.
155
C
The No-Refresh interval will prevent the server from loading unnecessary refreshes and reduce unneeded zone traffic.
Answers for Chapter 4
Question Answer 156 B
Configuring Name Resolution
209
Explanation The default No-Refresh interval is seven days.
157
A
The Refresh interval is the period after a No-Refresh interval in which timestamp refreshes are accepted.
158
C
Records can only be scavenged after both the No-Refresh and Refresh intervals expire.
159
B
The default setting for a refresh zone is seven days.
160
D
The Refresh interval should be greater than or equal to the No-Refresh interval.
161
C
The GlobalNames zone will give you access to selected resources through single-label names without using WINS.
162
B
A GlobalNames zone is a forward lookup zone, not a reverse lookup zone.
163
A
The command dnscmd . /config /endableglobalnamessupport 1 is the correct command.
164
B
To create a GlobalNames zone you must create a forward lookup zone and rename it GlobalNames.
165
D
You need to add alias resource records to the GlobalNames zone to provide it with single-label name resolution.
166
C
Active Directory-integrated zones can be installed only on Domain Controllers in which DNS server role is also installed.
167
D
Active Directory-integrated zones require a domain in order to function.
168
B
A partition is a data structure in Active Directory that separates data for replication reasons.
169
B; D
ForestDNSZones and DomainDNSZones are the two default application directory partitions.
170
A
A new application partition only exists on the server in which it was created.
171
A
The option To All DNS Servers in This Forest allows you to store new zone data in the ForestDNSZones partition.
172
B
The option To All DNS Servers in This Domain allows you to store the new zone in the DomainDNSZones partition.
173
C
The option To All Domain Controllers in This Domain stores the zone in the domain partition.
174
D
The option To All Domain Controllers Specified in The Scope of This Directory Partition stores the zone in the user-created application directory partition that is specified in the drop-down list box.
175
C
In order to change the replication scope for the zone you select the change associated with replication.
4A
210
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 176 A
Explanation The command dnscmd servername /createdirectorypartition FQDN allows you to create a custom application directory partition.
177
B
The command dnscmd servername /enlistdirectorypartition FQDN allows you to add DNS servers to a custom application directory partition.
178
B
The correct command is dnscmd serv1 /createdirectorypartition DNSpart1.dtilearning.com.
179
C
The correct command is dnscmd serv2 /enlistdirectorypartition DNSpart1.dtilearning.com.
180
B
If all your DNS servers are also Domain Controllers, you should use Active Directory replication to keep zone data the same among the DNS servers.
181
C
A zone transfer is when a secondary zone pulls a copy of the zone data from a master zone.
182
D
A secondary zone can have a master which is a primary, secondary, or even an Active Directory-integrated primary zone.
183
B
If your DNS server is not also a Domain Controller, the zone data must be stored in a local text file on the DNS server.
184
C
All except for when a server hosting a primary server starts up will cause a zone transfer to happen automatically.
185
B; C; A; D A zone transfer is a zone copy that occurs between a master and a secondary server to keep zone data up to date. A primary zone is a readwrite copy that is the main source for zone data for a part of a DNS namespace. A secondary zone is a standard zone that is stored in a text file in read-only format. A stub zone is a zone that consists of only a list of servers authoritative for names in a DNS domain.
186
B; C; A
The option To Any Server allows anyone with network access to the DNS server to see the contents of the zone. The option Only to Servers Listed on the Name Servers Tab allows zone transfers only to secondary DNS servers that have a Name Server record in the zone.
187
A
To Any Server is the least secure option from that list.
188
C
A stub zone contains only the basic records in the master zone.
189
A
Sysdm.cpl will open the System Properties dialog box.
190
C
The hostname command will output the computer’s host name.
191
A; B
The pc1 part of the name is the hostname. The dtilearning.com part of the name is the primary DNS suffix.
192
B
The connection-specific suffix is used to identify certain network connections only.
Answers for Chapter 4
Question Answer 193 C
Configuring Name Resolution
211
Explanation The 015 DNS Domain Name option is used to assign the connectionspecific suffix.
194
C; A; B
The DNS client first searches using the primary DNS suffix of the local computer. Then it tries the connection-specific suffix of the network adapter. Finally it uses the parent suffix of the primary DNS suffix.
195
D
In the first attempt, the DNS client will use the name mark_pc.north.dtilearning.com.
196
D
The computer would attempt to use both mark_pc.sub1.north.dtilearning.com and mark_pc.sub2.north.dtilearning.com.
197
A
The last name that the DNS client will attempt to use in the query is the parent of the primary DNS suffix; in this case it would be mark_pc.dtilearning.com.
198
C
Windows Server 2008 will accept updates from all of those except for MX resource records.
199
A
The host resource record will return an address when queried using a name.
200
B
To make a computer attempt to force a registration in DNS, the command ipconfig /registerdns is the best choice.
201
A
To force an update of pointer records in a DHCP environment, you would use the ipconfig /renew command.
202
B
DNS clients check the DNS resolver cache before they try to query a DNS server.
203
C
To display the DNS client cache, you would use the ipconfig /displaydns command.
204
D
To clear a DNS client cache you would use the ipconfig /flushdns command.
205
C
The problem could still be in the DNS client’s cache; running the ipconfig /flushdns command would fix this.
206
B; A; C; D The command ipconfig /displaydns displays the DNS client cache. The command ipconfig /flushdns clears the DNS client cache. The command ipconfig /registerdns forces a client to attempt dynamic registration of its records. The command ipconfig /renew forces an update of pointer records on a DHCP client.
207
D
DNS clients will never try to register IPv4 APIPA address with a DNS server.
208
A
DNS clients will never try to register link-local IPv6 addresses.
4A
This page intentionally left blank
ANSWERS FOR CHAPTER
5
CONFIGURING NETWORK ACCESS N
ote that the interactive questions of the “list and reorder” type do not have a simple A/B/C answer and are therefore grouped at the end of the following grid.
Question Answer 1 D
Explanation Dial-up and VPN both provide users with remote network access.
2
A
Dial-up gives the user a high level of privacy but low performance.
3
C
VPNs give the user a high level of performance but open the network up to possible attacks.
4
B
Dial-up is now often seen as outdated.
5
D
When you use a modem to connect to a remote access server over a phone line, you are using the dial-up remote access technique.
6
C
Using dial-up over VPN does not give you a higher bandwidth.
7
B
Dial-up sends it traffic across the PSTN.
8
C
Dial-up remote access does not require you to have an Internet connection.
9
See below for information.
10
See below for information.
11
See below for information.
12
See below for information.
13
B
VPNs use the Internet to send their traffic to the remote access server.
14
A
A VPN server requires only one connection to the Internet.
15
D
VPNs do not give the user low latency; in fact, latency is normally very high for VPNs.
16
D
Using the VPN remote access technique is relatively inexpensive.
17
C
When companies require more than one or two dial-up connections, they typically use modem banks.
18
B
A modem bank takes in dial-up connections and submits authentication requests to a RADIUS server.
213
5A
214
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 19 C
Explanation The modem bank will send its authentication requests to the RADIUS server.
20
A
PPTP uses PPP authentication methods for user-level authentication and MPPE for data encryption.
21
B
L2TP uses PPP authentication methods for user-level authentication and IPSec for data encryption.
22
C
SSTP uses PPP authentication methods for user-level authentication and HTTP encapsulation over an SSL channel for data encryption.
23
PPTP uses PPP and MPPE. L2TP uses PPP and IPSec. SSTP uses PPP and HTTP.
24
B
SSTP will travel through many firewalls, NATs, and proxy servers that would normally cause other VPN technologies to fail.
25
A
SSTP is only supported by Windows Server 2008 and Windows Vista with Service Pack 1.
26
C
Windows Server 2008 VPN server will support all three VPN technologies at the same time by default.
27
C
One network adapter should be connected to the public Internet, and the other to the intranet.
28
D
With the defaults, Windows Server 2008 creates 128 ports for each of the VPN technologies.
29
A
Each VPN connection requires only one port.
30
C
When you create a VPN server, it blocks all incoming traffic except for incoming VPN traffic. So you must create exceptions and filters for the traffic you want to come in.
31
See below for information.
32
A
Windows Groups, Machine Groups, and User Groups force the computer or user to belong to a specific group in order to be granted access.
33
C
Day and Time restrictions limit network usage to specific days or times.
34
A
Access Client IPv4 Address and Access Client IPv6 Address limits access based on the IP address of the client when the server is acting as a VPN server.
35
B
Client IPv4 Address and Client IPv6 Address limits access based on the IP address of the client when the server is acting as a RADIUS server.
36
A
NAS IPv4 Address and NAS IPv6 Address limits access based on the IP address of the wireless access point.
37
A
Authentication Type, Allowed EAP Types, Framed Protocol, Service Type, and Tunnel Type require specific authentication methods or protocols.
38
D
Calling Station ID accepts connections from only specific phone numbers.
Answers for Chapter 5
Question Answer 39 D
Configuring Network Access
215
Explanation NAS Port Type is used to restrict access to modems, wireless access points, or VPN connections.
40
C
NAP cannot check for viruses or other malicious software; it can only check for updates and antivirus software.
41
C
Network Access Protection (NAP) is created to connect hosts to separate resources when they have different health states. A computer that does not meet the network requirements is placed in a separate network where it can install updates for any deficient software.
42
C
A network resource must allow or deny network access to enforce NAP.
43
D
All are NAP enforcement types except for Active Directory Domain Controllers.
44
A
IPSec connection security requires clients to do a NAP health check before they are granted a health certificate.
45
C
IPSec connection security can require health checks on a per-IP address basis.
46
D
IPSec can be used to allow only healthy computers to communicate with other healthy computers.
47
C
802.1X access points use Ethernet switches or wireless access points that support 802.1X authentication.
48
A
802.1X access points can give compliant computers full network access and connect noncompliant computers to a remediation network.
49
A
802.1X uses an ACL and VLAN to control the level of access computers receive.
50
B
An address control list (ACL) is a set of IPv4 or IPv6 packet filters on the 802.1X access point.
51
D
A virtual local area network (VLAN) is a group of ports on a switch that are grouped together in order to create a separate network.
52
D
VPN server enforcement type enforces NAP for remote access connections that use a VPN server running Windows Server 2008 and Routing and Remote Access.
53
C
DHCP server enforcement type requires you to be running a Windows 2008 server with the DHCP service.
54
D
DHCP server enforcement will give noncompliant computers an IP address with a subnet mask of 255.255.255.255 and no default gateway.
55
A; C
The two main components of a NAP health validation are the SHA and the SHV.
56
A
A System Health Agent (SHA) is the client component that creates a Statement of Health.
5A
216
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 57 D 58
Explanation SHVs are the server components that analyze the Statement of Health and create a Statement of Health Response. See below for information.
59
A
The testing phase is when you use different operating systems, client configurations, and enforcement points.
60
B
The monitoring phase is when the NAP is set up to notify when a computer fails the health requirements but it does not limit the computer’s connection.
61
B
During the limited access phase you will begin to deny connections to your network if the computer doesn’t meet the health requirements.
62
C
To make a Windows Server 2003 RADIUS server into a Network Policy server, you must upgrade it to Windows Server 2008 and then configure it as a NAP health policy server.
63
D
A NAP health policy server operates on a Windows 2008 server; it is not possible to convert other OS platforms into Network Policy Servers.
64
A
When you install the HRA role service, it will also configure a CA for you if you do not already have one.
65
D
The HRA role service also creates a web application named DomainHRA under the default website in IIS.
66
C
Enforcement Servers is not one of the sub-nodes used to configure the client NAP settings.
67
A
The Enforcement Clients sub-node requires you to configure one policy that forces clients to use that policy.
68
B
The User Interface Settings sub-node is used to change the text portion of the NAP client interface.
69
A
You must use the Request Policy sub-node to configure cryptographic settings for NAP clients.
70
B
The netsh nap client show state command will show the client’s NAP configuration.
71
D
The command netsh nap client set enforcement 79617 enable will enable the DHCP Quarantine enforcement client.
72
C
There is no need for a full access server group.
73
A
The connection request policy declares whether a request should be processed by the Name Policy Server.
74
B
The system health validators determine the health checks that a client must pass in order to be considered compliant.
75
See below for information.
Answers for Chapter 5
Question Answer 76 C
Configuring Network Access
217
Explanation Wireless networks have little impact on the physical environment, so they would be a suitable solution to this problem.
77
D
Those types of businesses often have public wireless network connections for their customers to use.
78
B
Setting up a wireless network for a home is a simple task that does not require much time.
79
C
A wireless network can allow users to connect directly to other users instead of to a network device first.
80
A
Physical connections are more secure than non-physical ones.
81
D
Most wireless networks have neither authentication nor encryption enabled by default.
82
A
Both WEP and WPA are vulnerable to cracking attacks.
83
B
802.11b is the original wireless network type that has a theoretical network throughput of 11 Mbps.
84
C
802.11g has a theoretical network throughput of 54 Mbps.
85
D
802.11n has a theoretical network throughput of 250 Mbps.
86 87
See below for information. A
88
802.11a uses the range of 5.4 GHz instead of the 2.4 GHz range. See below for information.
89
B
No security allows users to connect without any authentication or encryption.
90
C
WEP gives the user a universally supported method of authentication and encryption.
91
C
WEP can use 64-bit and 128-bit encryption.
92
B
WPA offers significantly higher levels of cryptography than WEP but less than WPA2.
93
WPA-PSK uses a pre-shared key and WPA-EAP uses a RADIUS server to authenticate users.
94
A
WPA-PSK uses a static key and because of this is vulnerable to bruteforce attacks.
95
C
WPA-EAP is the more secure type because it uses a backend server like a RADIUS server to authenticate requests.
96
D
WPA2 is also called IEEE 802.11i.
97
B
WPA2 provides the best security and protection from attacks.
98
D; B; F; E; C; A
The list of wireless security standards from the most secure to the least is as follows: WPA2-EAP, WPA-EAP, WPA2-PSK, WPA-PSK, 128-bit WEP, and 64-bit WEP.
5A
218
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 99
Explanation In infrastructure mode, wireless access points act as central hubs. In ad hoc mode, wireless communication occurs directly between wireless clients.
100
A
Infrastructure mode allows a wireless client to connect to a wireless access point that will act as a hub for wireless clients in the area.
101
C
Ad hoc mode is used to connect wireless computers directly to each other without going through a wireless access point.
102
See below for information.
103
D
The mode that should be selected is Computer Only, because it will allow you to authenticate before the user logs on.
104
B
User Only is the mode that should be used if you want users to be authenticated after they supply their Windows credentials.
105
C
The Computer and User mode will authenticate before and after a Windows logon.
106
B
Single Sign On allows the administrator to set up user authentication to the wireless network before the user logs on to the network.
107
See below for information.
108
A
PEAP requires a computer certificate on a RADIUS server and a computer certificate or user certificate on all wireless client computers.
109
B
The Smart Card authentication method requires that you use a device, such as a Smart Card, in order to provide a certificate.
110
C
EAP-MSCHAP v2 requires computer certificates to be installed on all RADIUS servers and requires all client computers to trust the CA.
111
D
A RADIUS proxy will add a layer of separation between the access points and the RADIUS servers.
112
D
A RADIUS proxy will allow you to forward RADIUS requests to specific RADIUS servers.
113
B
EAP is compatible with the 802.1x enforcement method.
114
B
You can configure the firewall scope to allow only the internal address to access the servers using remote desktop.
115
C
Scopes are used to block connections from external sources but allow connections from the internal network.
116
A
A firewall can examine the packets that are sent to and from your computer.
117
118
The domain profile is used on domains whenever a member computer contacts a Domain Controller. The private profile is used in safe locations like a private house or office. Public is used by default, and it blocks all incoming traffic. B
The domain profile is used for computers connected to its Active Directory domain.
Answers for Chapter 5
Question Answer 119 B
Configuring Network Access
219
Explanation Most users will mark their home office as a private network.
120
B
Private is never assigned automatically.You have to mark a network as private manually.
121
C
The public firewall profile is assigned by default to all new network connections.
122
D
The Public firewall profile blocks all incoming traffic.
123
A
The Public profile will not allow any kind of incoming connection unless the settings are changed manually.
124
A; C
Private and Domain firewall profiles will allow some connections by default.
125
A
Only the first statement is true. Windows will change its firewall rules automatically only when you’ve added a Windows feature.
126
B
You would configure the firewall scope to allow only certain subnets to connect to an internal server.
127
See below for more information.
128
A
The Program option will allow you to block specific executable files.
129
B
The Port option will allow you to block connections for a specific port.
130
B
You should configure the firewall scope if you want to allow specific applications to connect only to internal subnets.
131
C
The Predefined option lets you modify the connections for Windows components.
132
D
The Custom option allows you to specify a combination of program and port information.
133
C
You cannot select specific sources for the allowed connections in this part of the wizard.
134
D
The “Allow the Connection If It Is Secure” option will only allow connections that are protected with IPSec.
135
B
Allow Connection does not allow all connections, just the ones specified on the previous pages. Block All Connections will block the connections specified on the previous pages.
136
B
Allow Connection will allow connections only from the source specified in the previous pages of the New Inbound Rule wizard.
137
B
Allowing outbound connections is a lot less risky to your network than allowing inbound connections.
138
C
Blocking outbound connections will not prevent a worm or virus from infecting a computer from a local source, such as a flash drive or floppy disk.
139
C
IPv4 and related protocols do not have outbound rules enabled by default.
5A
220
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 140 B
Explanation You should add a firewall scope for the subnet that the mobile computers will use.
141
B
You must add firewall authorization for the specific group that you want to allow to connect to the data. In this example, you would allow the accounting group.
142
B
The node “Computer Configuration\Policies\Windows Settings\ Security Settings\Windows Firewall With Advanced Security\Windows Firewall with Advanced Security” will work on Windows Vista and Windows Server 2008.
143
C
The node “Computer Configuration\Policies\Administrative Templates\ Network\Network Connections\Windows Firewall” can be used on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
144
B
You should create a separate GPO for Windows Vista/Windows Server 2008 and Windows XP/Windows Server 2003.
145
D
Logging lets you monitor the traffic that your firewall is blocking or allowing.
146
A
By default, Windows stores log entries in %SystemRoot%\System32\ LogFiles\Firewall\Pfirewall.log.
147
C
Windows Firewall only stores the last 4KB of the log data by default.
148
D
Netstat can search a computer for ports that are actively searching for connections.
149
C
The port number that the program is listening on is 135.
150
B
Home is not a default mobile firewall profile.
151
D
You should use the Public profile in free hotspots.
152
A
The Public firewall profile will block all incoming traffic but allow outgoing traffic.
153
C
If you want to ensure that the servers will continue to operate if the Domain Controller goes down, you must configure all of the profile types.
154
C
A firewall is used to drop unwanted traffic but allow wanted traffic.
155
C
Domain Only is not a valid wireless authentication method.
156
C
The best way to issue trusted certificates is to use an enterprise PKI such as the Active Directory Certificate Services role.
157
C
You would use a RADIUS proxy to send requests to different RADIUS servers based on different criteria.
158
A
A RADIUS proxy can be used to divert traffic from one RADIUS server to another.
159
C
A RADIUS can be seen as a standards-based authentication device.
Answers for Chapter 5
Question Answer 160 A
Configuring Network Access
221
Explanation Another name for a RADIUS log file is an IAS log.
161
D
The RADIUS log file is stored in %SystemRoot%\system32\LogFiles.
162
C
The system will add an event to the Security event log when a user attempts to connect to an access point that is configured to use a Windows Server 2008 computer as a RADIUS server.
163
D
Failed attempts to connect to an access point will show up as Audit failure in the event log.
164
C
Audit success events in the security event log are attempts to access that are allowed by the RADIUS server.
165
A
The command netsh ras set tr * en will enable trace logging.
166
C
%SystemRoot%\tracing\IASNAP.log is the location of the trace log.
167
C
A trace log will provide the most detailed information.
168
B
The most common type of wireless network is 802.11b.
169
C
802.11g has a theoretical network throughput of 54 Mbps.
170
C
802.11g-only mode will offer better speeds than mixed mode.
171
B
Mixed mode will allow an 802.11g to connect to 802.11b networks.
172
A
802.11a uses the 5.4 GHz range, which is different than the other types.
173
A
WEP 64-bit is the least secure form of security for wireless networks.
174
A
Dial-up remote access does not require that the user be connected to the Internet.
175
A
VPNs have a tendency to cause your connection to have high latency, which means that there is a large delay when a packet is sent from a client to a server.
Question 9 Dial-Up Advantages
VPN Advantages
No Internet connection required
High bandwidth potential
Small privacy risks
Low cost
Consistent performance Question 10 Dial-Up Disadvantages
VPN Disadvantages
High cost
Internet connection required
Low bandwidth
High latency
5A
222
MCTS: Windows Server 2008 70-642 Q&A
Question 11 Dial-Up Advantages
Dial-Up Disadvantages
No Internet connection required
Cost of scalability
Privacy risks
Bandwidth potential
Performance Question 12 VPN Advantages
VPN Disadvantages
Bandwidth potential
Internet required
Cost
Latency
Question 31 Connection Restriction
Use
G. Requires the user or computer to be in a certain group.
Windows Groups, Machine Groups, and User Groups
B. Restricts the connection for certain portions of the week or day.
Day and Time Restrictions
C. Controls access depending on the IP address of the client when the Windows Server 2008 computer is acting as a VPN server.
Access Client IPv4 Address and Access Client IPv6 Address
H. Controls access depending on the IP address of the client when the Windows Server 2008 computer is acting as a RADIUS server.
Client IPv4 Address and Client IPv6 Address
A. Controls access based on the IP address of the wireless access point.
NAS IPv4 Address and NAS IPv6 Address
D. Requires certain protocols and authentication methods.
Authentication Type, Allowed EAP Types, Framed Protocol, Service Type, and Tunnel Type
E. Allows connections from a specific phone number.
Calling Station ID
F. Allows you to restrict access to modems, wireless access points, or VPN connections.
NAS Port Type
Answers for Chapter 5
Configuring Network Access
223
Question 58 Deployment Phase
Explanation
Testing
Uses different examples of different OS, client configurations, and enforcement types.
Monitoring
Launches NAP but does not limit connections yet.
Limited Access
Launches NAP and enables NAP enforcement.
Question 75 Wireless Network Benefits
Wireless Network Problems
Impact on place of deployment
Non-physical connection
Mobility
Default security settings
Speed of deployment
Security of WEP and WPA
Question 86 Network Type
Definition
802.11a
Uses the 5.4 GHz range.
802.11b
Has a theoretical network throughput of 11 Mbps.
802.11g
Has a theoretical network throughput of 54 Mbps.
802.11n
Has a theoretical network throughput of 250 Mbps.
Question 88 Standard
Use
Wired Equivalent Protection (WEP)
Original wireless security standard requires you to enter a key or passphrase.
Wi-Fi Protected Access (WPA)
Has stronger cryptography than WEP but still has vulnerabilities.
WPA2
Most advanced wireless security standard and most secure.
Question 102 Computer only
Windows authenticates to the wireless network before showing the Windows logon screen.
User only
Windows authenticates after the user logs on.
Computer and user
Windows authenticates before the user logs on. And after going through the Windows logon it will authenticate using the user attributes.
5A
224
MCTS: Windows Server 2008 70-642 Q&A
Question 107 Authentication Method
Requirements
Protected EAP (PEAP)
Requires you to set up a computer certificate on a RADIUS server and a computer certificate or user certificate on all wireless client computers.
Smart Card or Other Certificate
Requires you to set up a computer certificate on a RADIUS server and a computer certificate or user certificate on all wireless client computers. Also requires that the user provide a certificate or a Smart Card.
Secured Password (EAP-MSCHAP v2)
Requires computer certificates to be installed on all RADIUS servers and requires all client computers to trust the CA that gave them the computer certificate.
Question 127 Option
Rule Type
Program
Blocks connections for a specific executable file.
Port
Blocks connections for a specific TCP or UDP port number.
Predefined
Controls connections for Windows components.
Custom
Can combine program and port information.
ANSWERS FOR CHAPTER
6
CONFIGURING FILE AND PRINT SERVICES N
ote that the interactive questions of the “list and reorder” type do not have a simple A/B/C answer and are therefore grouped at the end of the following grid.
Question Answer 1 C
Explanation The command to configure NTFS permissions from a command prompt, icacls. icacls/?, will give you complete usage information.
2
C
User files allow the user and administrator to have full access. It does not allow another user to read or write to a user’s files.
3
B
The default NTFS file permissions for system files do not allow users to write to the %SystemRoot% folder.
4
A
The default NTFS permissions for the %ProgramFiles% folder are Full control for administrators but read-only for users.
5
A
List Folder Contents gives the user only the ability to view the contents of a folder, but not to access any of the files.
6
C
The Read permission allows a user to view the contents of a file and also open files.
7
A
The Read and Execute permission allows a user to run applications but not modify the files.
8
B
The Write permission allows the users to write files to a folder, but not view the contents or access the other files.
9
A
The Modify permission allows a user to read, edit, and delete files and folders.
10
D
Full control will allow you to modify the permissions of a specific file or folder.
11
D
The command icacls file /grant administrator:(D, WDAC) gives a user the ability to write and delete a file.
12
C
EFS will protect files and folders even if an attacker removes the hard disk and places it in another computer.
225
6A
226
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 13 C
Explanation The option “Require a Smart Card for EFS” will prevent the use of software certificates for EFS.
14
B
The Group Policy setting that will encrypt offline files with EFS is “Computer Configuration\Policies\Administrative Templates\Network\ Offline Files\Encrypt the Offline Files Cache.”
15
B
The Group Policy setting “Computer Configuration\Policies\ Administrative Templates\Windows Components\Search\Allow Indexing of Encrypted Files” will disable the ability to index files that are encrypted with EFS.
16
See below for information.
17
A
The file server role will allow you to use the Share and Storage Management snap-in.
18
C
The File Server Resources Manager role will install tools to create storage reports, configure quotas, and define file-screening policies.
19
C
To control file access on a Windows Server, you use NTFS file permissions.
20
B
To control file privacy on a Windows Server, you use Encrypted File System (EFS).
21
A
To provide redundancy access on a Windows Server, you use Distributed File System (DFS).
22
A
To control file replication between file servers on Windows Server, you use Distributed File System (DFS).
23
D
To control file space utilization on a Windows Server, you use quotas.
24
B
To control file integrity and backups on a Windows Server, you use shadow copies.
25
C
Windows files are not one of the basic file types.
26
A
Users have full control over all their own files.
27
B
Users have Read permission to system files and do not have Write permission.
28
C
Users have Read and Run permissions to program files.
29
D
Administrators have Full control over all files.
30
C
Any new folders created in the root of a disk will give users Read access and the administrator Full control.
31
A
Any new folders created in the root of a disk will give users Read access and the administrator Full control.
32
F
Administrators may assign user or groups any of the following permissions—List Folder Contents, Read, Read and Write, Modify, and Full Control.
Answers for Chapter 6
Question Answer 33 D
Configuring File and Print Services
227
Explanation Read and Execute is designed to allow a user to read or open a file or folder and also run an application. With Read access, users cannot run applications. Modify allows too much control.
34
C
The Security tab, used to set NTFS Permissions, is found on the Properties dialog box.
35
C
Permissions are cumulative, so Marsha’s Full control is the highest and will remain except when she is assigned the Deny permission when becoming a member of the Public Group. Deny overrides all other permissions.
36
D
Special permissions are assigned from the Advanced button on the Security tab.
37
C
To configure NTFS permissions from a command line, use the Icacls command.
38
D
NTFS file permissions are in effect whenever users access the files or folders.
39
D
Any of these techniques can compromise NTFS security.
40
D
None of these techniques can compromise EFS file encryption.
41
A
To encrypt a file or folder with EFS from the Properties dialog box, select the Advanced button and click the Encrypt Contents to Secure Data check box.
42
C
Windows Explorer shows encrypted files in green.
43
C
Backing up the EFS keys is important on a standalone computer because, if they are lost, the files are inaccessible.
44
B
EFS protection only affects files accessed on the local computer. Windows will automatically decrypt files after sharing is configured properly.
45
D
Windows Server 2008 added the File Server Services role for sharing folders and managing shared files.
46
D
Windows Server 2008 File Services role Services for Network File Systems provides connectivity for UNIX clients that use NFS.
47
B
Windows Server 2008 File Services role allows you to use the Share and Storage Management snap-in.
48
A
The Windows Server 2008 Distributed File System role will prompt you to configure a namespace.
49
C
Windows Server 2008 File Server Resources Manager role installs tools for configuring disk quotas.
50
E
Windows Server 2008 Windows Search Services role will prompt you to enable indexing on the local disks.
6A
228
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 51 D
Explanation Windows Server 2003 File Services role provides compatibility with Windows Server 2003 computers.
52
C
Windows Server 2008 File Server Resources Manager provides tools for generating storage reports.
53
B
Distributed File System Services role provides for file replication between servers.
54
D
Windows Server 2008 File Server Services role Services for Network File Systems provides connectivity for UNIX clients that use NFS.
55
A
Windows Server 2008 File Server Resources Manager role supports defining file screening policies.
56
E
Windows Search Services role indexes files for faster searching and is not intended for enterprise use.
57
A
The File Server role is added to your Windows Server 2008 computer from the Server Manager > Roles > Roles wizard.
58
E
Internet Information Services is not a File Services role.
59
E
Quotas can be configured using the Quota Management console, the dirQuota tool, Group Policy, or Windows Explorer.
60
A
The Quota Management console is the recommended way to configure disk quotas in Server 2008.
61
C
Windows Server 2008 File Server Resources Manager role installs the Quota Management console.
62
E
The Quota Management console supports templates that have hard quotas, soft quotas, limits, email warning, and extensions to limits.
63
C
A new custom template starts with a copy of a standard template.
64
A
Thresholds define what actions are applied to users when they reach a quota or a percentage of a quota.
65
E
The Add Threshold dialog box has four options—email, command, event log, and report.
66
D
To set a 200MB hard limit on D:\Share, you would use dirQuota Quota add/path:D:\data /Limit:200MB/Type:Hard.
67
C
To obtain complete instructions and options for dirQuota, use dirQuota/?.
68
B
When users exceed their quotas, the event ID is 37
69
A
When user exceed their warning levels, the event ID is 36.
70
D
Enable Disk Quotas turns on disk quotas.
71
A
Default Quota Limit and Warning Level defines the quota limit and warning levels.
Answers for Chapter 6
Question Answer 72 C
Configuring File and Print Services
229
Explanation Enforce Disk Quota Limit will deny users disk space if they exceed their quota limits.
73
B
The Contributor permission level provides read and write access equivalent to the Change Share permission.
74
F
The Provision a Shared Folder wizard shares folders, configures quotas, sets NTFS permissions, sets share protocols, applies file filters, and publishes the share to DFS.
75
C
The example is formatted with the Universal Naming Convention (UNC) format.
76
C
DFS provides a single namespace for users to connect to all the file shares in the organization. All DFS shared folders can be accessed with one drive letter on the client computer.
77
D
The DFS namespace in Active Directory domains would use the domain name followed by the name created for the folder.
78
D
The New Namespace wizard prompts for the name of the server hosting the namespace, the name of the share (this is the name users will see), and finally the domain name or, if not an Active Directory DFS, the server name again to act as the root of the DFS namespace.
79
A
The General tab allows you to add a description to the namespace properties.
80
B
The Referrals tab allows you to change how clients access the root of a namespace or targets.
81
C
The Advanced tab allows you choose from two polling configurations.
82
B
Selecting Lowest Cost will direct clients to the closest target computer first.
83
C
The Shadow Copies feature allows backup software to access a file that is in use.
84
C
The Setting dialog box is used to define where shadow copies are stored, how much space they use, and how often they are created.
85
B
The Shadow Copies feature stores only the changes to files. In this case, the original file and the changed data would be stored.
86
C
The command vssadmin list shadows will list the shadow copy IDs used to revert to a stored copy.
87
B
Type vssadmin list shadowstorage at the command prompt to view the storage currently allocated to shadow copies.
88
D
Windows backup creates a WindowsImageBackup folder on the root of the backup media to hold a folder with the current computer’s name.
6A
230
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 89 D
Explanation Windows Backup creates a catalog folder with the Globalcatalog and BackupGlobalCatalog files and a "Backup<month>" folder containing the .vhd disk image.
90
C
Scheduling backups in Windows Backup requires the exclusive use of a local dedicated disk.
91
B
The Select Destination Disk page warns that after selecting a destination for the backup it will be reformatted and all existing data will be lost.
92
A
The wbadmin tool can initiate backup from a script at a command prompt.
93
B
To run a backup from a command line using the wbadmin tool, you use the command wbadmin start backup, followed by the target drive and then the drive to include in the backup.
94
D
The Select Recovery Type page includes three options for the type of recovery you want to use and includes Files and Folders, Applications, and Volumes.
95
C
To perform a complete system recovery, start the computer with the Windows Server 2008 media and click Repair Your Computer after starting the Installation wizard.
96
D
The Windows Complete PC Restore is the System Recovery option that will restore your entire server from a backup by overwriting the volumes you are recovering.
97
D
Windows Server 2008 provides printer management through the Print Management snap-in, the Control Panel, and several command-line tools.
98
B
LPD or Line Printer Daemon Service allows clients using LPD protocol to print. Commonly used by UNIX clients.
99
C
Internet Printing Protocol (IPP) allows clients to manage print jobs from their web browser.
100
A
The Print Server role installs the Print Management snap-in.
101
D
A local printer is always attached directly to the server.
102
B
To use the drive you received with the printer, select the Have Disk option, and then select the driver and printer if necessary. Click OK and then Next.
103
A
In the Print Management snap-in, the options are Share This Printer, Render Print Jobs On Client Computers, and List In the Directory.
104
C
The three printer permissions are Print, Manage Printers, and Manage documents.
Answers for Chapter 6
Configuring File and Print Services
231
Question 16 Role
Use
File Server
Allows the use of the Share and Storage Management snap-in.
Distributed File System
Enables the sharing of files using the DFS namespace.
File Server Resources Manager
Will install tools for creating storage reports and configuring quotas.
Services for Network File System
Allows you to connect to the UNIX client computers that use FS for file sharing.
Windows Search Service
Allows for faster searching.
Windows Server 2003 File Services
Gives compatibility for computers running Windows Server 2003.
6A
This page intentionally left blank
ANSWERS FOR CHAPTER
7
MONITORING AND MANAGING A NETWORK INFRASTRUCTURE Question Answer 1 C
Explanation Windows Server Update Service (WSUS) is a private version of Windows Update that can be configured locally to download and distribute updates to client computers.
2
C
Using WSUS does not get your update any sooner so this is not an advantage of using it.
3
D; C; A; B; E
The WSUS connects to Windows Update, downloads any updates, requests administrative approval, and then prioritizes the updates. Finally, the clients check for updates.
4
A
The WSUS client will not check the Windows Update server on the Internet once it has been configured to use it.
5
E
Windows Server Update Services clients will make and install updates, restart a PC after updates are installed, and install updates at scheduled times.
6
D
WSUS uses the Secure Hash Algorithm (SHA1) hash.
7
B
Because Windows Update settings apply to all the computers in the network, Group Policy is the best way to distribute these settings.
8
A
The Windows Update Group Policy setting is found in Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update.
9
C
The default Automatic Updates Detection Frequency is 17 to 22 hours.
10
C
The Allow Automatic Updates Immediate Installation policy setting is used to install updates right away when a restart is not required.
11
B
The Configure Automatic Updates policy specifies whether the user is prompted to install the updates or the Windows Update client automatically installs them.
12
C
The Do Not Display ‘Install Update and Shut Down’ Option in Shut Dialog Down Box is both and computer- and user-specified WSUS Group Policy setting.
233
7A
234
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 13 D
Explanation Remove Access to Use All Windows Update Features is a user-specified WSUS Group Policy setting.
14
B
You should plan for each regional office of 10 or more computers to have a separate WSUS server.
15
A
The WSUS database should be backed up but redundancy is not required and servers should be returned to service within a week. There is no direct impact on users due to the loss of the server.
16
C
The WSUS database should be backed up but redundancy is not required and servers should be returned to service within a week. There is no direct impact on users due to the loss of the server.
17
D
In a single location one WSUS server is all that is needed regardless of the number of computers.
18
C
Each remote location that is separated by a WAN connection requires its own WSUS server. This setup optimizes bandwidth and makes updates more available.
19
B
With an origination with multiple offices on separate WAN connections, the WSUS servers should be configured into a hierarchical structure with one server receiving updates from Microsoft Update and the others configured to receive updates from their parent servers.
20
D
A requirement of implementing a WSUS deployment is that the WSUS server and clients must be able to establish HTTP or HTTPS connections.
21
A
The following computer operating systems are able to use WSUS— Windows 2000 with SP3 or SP4, Windows XP Professional, and Windows Vista.
22
F
Windows Server 2003 and Server 2008 are qualified to use WSUS.
23
C
WSUS servers can retrieve updates from Microsoft Updates or from another WSUS server.
24
B
When a WSUS server is configured to synchronize, it becomes a replica of the parent WSUS server.
25
D
The server that is synchronized to a parent server does not need to have updates approved.
26
A
When a WSUS server is configured as autonomous, its updates must be approved. This is a useful option to give multiple IT departments control over update approvals for their individual departments.
27
C
The recommended minimum storage space for locally storing updates is 6GB.
28
B
The number of languages supported will affect the amount of disk storage space required for storing updates locally on the WSUS server.
Answers for Chapter 7
Question Answer 29 D
Monitoring and Managing a Network Infrastructure
235
Explanation Storing updates locally will reduce Internet bandwidth usage by allowing clients to update from a local WSUS server located on the LAN.
30
C
The Internal Windows WSUS database requires a minimum of 3GB of space but may use as little as 1GB.
31
B
Download updates only in the languages needed to save disk space.
32
A
Download updates only in the languages needed to save disk space and bandwidth.
33
F
Microsoft Updates are available for Office, Exchange, SQL Server, and ISA Server.
34
A
Windows Update Console, Configuration Manager 2007, Microsoft Baseline Security Analyzer, and Network Access Protection Call all identify client computers with missing updates.
35
C
The Microsoft Baseline Security Analyzer and Network Access Protection can identify computers which have missing updates or are otherwise out of date.
36
D
Network Access Protection (NAP) can monitor for updates and when NAP enforcement is enabled, they can remove client computers that do not meet update requirements.
37
C
WSUS is downloaded from Microsoft at www.microsoft.com/wsus.
38
B
The first step after installing WSUS is to click the Synchronize Now link in the Update console.
39
C
The Update Source and Proxy Server option is where you can configure the WSUS servers’ update sources.
40
A
The typical computer groups used for testing are Testing, Pilot, and Production. These groups represent the stages of testing for updates. Beta is not a computer group.
41
D
Smaller organizations typically use server-side targeting to create their computer groups in WSUS.
42
C
The default group of computers in WSUS is called All Computers.
43
B
To add a computer group, you right-click the All Computers group or the group you want to nest the new group into, and then click Add.
44
C
To add a computer to a group, you right-click the All Computers group, select the unassigned computer, and then choose Change Membership.
45
D
The first step when using client-side targeting is to set the Computer Options in the Details pane to use Group Policy or Registry Setting On Computers.
7A
236
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 46 B
Explanation After selecting the Use Group Policy Settings in the Update Services console, you configure a GPO for each group you want to create and apply it to the appropriate computers.
47
C
The Group Policy setting is found in Computer Configuration\Policies\ Administrative Templates\Windows Components\Windows Update and Enable Client-Side Targeting.
48
D
In the Set the Internet Update Service for Detecting Updates box, you enter the name of your WSUS server’s computer name as an HTTP address.
49
A
After setting the location of the WSUS server, double-click the Configure Automatic Updates and configure the automatic updates settings.
50
B
After setting the location of the WSUS server, double-click the Configure Automatic Updates and configure the automatic updates settings and select 4 Auto Download and Schedule The Install.
51
C
By default, the WSUS server does not approve any updates. The updates options must be set to approve updates for client distribution.
52
D
Patches is NOT one of the WSUS server updates options.
53
B
The Critical Updates option displays the high-priority updates.
54
D
The WSUS Updates option displays the updates related to the update process.
55
A
To set a deadline for clients in install updates, right-click on the computer group and select deadline, and then select the deadline.
56
C
Declining updates in the WSUS console only helps organize the updates in the console. If updates are not approved, they are not made available to the clients.
57
B
The Updates Services Console > Reports node contains reports of updates, computers, and synchronizations.
58
D
The Computer Tabular Status shows whether each update has been installed on each computer in a format that can be exported to a spreadsheet.
59
A; C; B
To identify the source of the problem, first examine the windowsupdate.log file located on the system root for error messages, and then verify that the client computer can connect to the WSUS server by entering the address WSUS_Server_Name into the browser at the client computer. Finally, you check the policy by running the RSoP tool.
60
B
To stop the update service on the client computer, use net stop wuauserv.
61
C
To start the update service on the client computer, use net start wuauserv.
Answers for Chapter 7
Question Answer 62 A
Monitoring and Managing a Network Infrastructure
237
Explanation The command wuauclt / a will force the client computer to query the update server for updates.
63
B
The Windows Update Server warning event ID 16 warns when the client cannot connect to the update server.
64
A
The source for the log files that Windows Update client adds to the system log is WindowsUpdateClient.
65
C
To view installed updates, open the Control Panel, click the System and Maintenance link, and then open Windows Updates.
66
D
The Knowledge Base (KB) number is used to identify and then remove a possible error-causing update.
67
B
To open Performance Monitor, choose Service Manager > Diagnostics > Reliability and Performance > Monitoring > Performance Monitor.
68
B
The duration setting for one hour of data is 3,600.
69
A
The duration setting for one full day of data is 86,400.
70
C
To change the colors of a counter, you select the Data tab on the Properties page of Performance Monitor.
71
D
From the Graph tab of the Performance Monitor properties, you can select from Line, Histogram, or Report Graph types.
72
B
The Source tab will allow you to select from live data or log files that have been saved as a data collection set.
73
C
The Appearance tab is used to change the color of the background.
74
D
The Graph tab will allow you to change the scroll so data goes from right to left in the Scroll Type Group.
75
C
Reliability Monitor rates a computer from 0 to 10 with 10 being the most reliable.
76
A
Reliability Monitor rates a computer from 0 to 10 with 0 being the least reliable.
77
B
Reliability Monitor rates a computer from 0 to 10 with 10 being the most reliable.
78
A
The daily data points are Reliability Point values for each day.
79
E
The bottom of the graph is showing a miscellaneous shutdown failure.
80
B
The Reliability Monitor uses the Reliability Analysis Component (RAC) to run RACAgent.exe once an hour as a hidden task schedule.
81
D
To view hidden tasks, select the View menu and enable Show Hidden Tasks.
82
C
Data collector sets gather system information, configuration settings, and performance data.
7A
238
MCTS: Windows Server 2008 70-642 Q&A
Question Answer 83 C
Explanation LAN diagnostics can be used to check for network problems, including VPN connectivity problems.
84
A
System diagnostics log information from the System Performance Data Collector set, plus detailed system information useful for troubleshooting hardware reliability problems.
85
A
The System Performance Diagnostics Data Collection Set collects information for a period of one minute and then automatically stops.
86
D
The LAN Diagnostics Data Collection Set collects information for an unlimited period; to stop the Collector Set, right-click and choose Stop.
87
A
The Wireless Diagnostics Data Collection Set collects information for an unlimited period; to stop the Collector Set, right-click and choose Stop.
88
B
The Data Collection reports are automatically saved using the yyyymmdd#### convention.
89
C
Windows Vista, Server 2008, and Server 2003R2 can act as collecting computers. Windows XP SP2 and Windows Server 2003 Sp1 or 2 can act as sending computers.
90
A
Event forwarding uses HTTP or HTTPS to forward events on the same protocol used to browse websites.
91
C
WinRM (Windows Remote Management command-line tool) is used to configure the forwarding computer.
92
D
The Collection Service is called Windows Event Collection and is configured with the command wecutil qc.
93
C
The Subscriptions node in the console tree of Event Viewer will configure the Windows Event Collector service to start automatically.
94
B
To start the collection service in Windows Server 2008, you double-click on Subscriptions in Event Viewer.
95
A
Choose Server Manager > Diagnostics > Event Viewer node > Subscriptions to open a subscription form.
96
C
Optimized is NOT one of the three options for event forwarding subscriptions.
97
B
To configure the forwarding computer to use encrypted HTTPS, run winrm quickconfig –transport:https at a command line with administrative privilege.
98
D
Network Monitor is downloaded for free from Microsoft downloads.
99
B; C; A
To start monitoring, you need to open the program on the Start tab and select the network adapter you want to monitor.
Answers for Chapter 7
Question Answer 100 B
Monitoring and Managing a Network Infrastructure
239
Explanation P-mode (promiscuous mode) allows you to monitor frames sent to computers other than yours. This feature is negated by layer 2 switching.
101
C
Monitor mode allows you to monitor frames sent to computers other than yours. This feature is similar to P-mode for wired networks.
102
C
The use of a monitoring port on a layer 2 switch will enable P-mode to view all network traffic on the subnet.
103
D
The NMcap command captures all traffic on all network interfaces and saves it to a file named in the command after the capture option.
104
C
Network Monitor OneClick is a Microsoft download that will capture network traffic without first installing any network monitor drivers.
105
B
The pane for summarizing the data is the Frame Details pane.
106
C
The pane for browsing captured data is the Frame Summary pane.
107
B
The Capture Filters feature filters the data before it is captured.
108
D
Use the MyIPv4Address and MyIPv6Address filter to show only requests sent to or from the current computer.
109
A
Use the HttpWebSearch filter to show only requests sent to or from a specific website.
110
B
Use the BaseNetworkTShoot filter to show ping requests.
111
C
Use the NameResolution filter to show only NetBIOS, DNS, and ARP name requests sent to or from the current computer.
112
B
Use the IPv6Address, IPv6Destination Address, and IPv6Source Address filter to show only requests sent to or from specific IPv6 addresses.
7A
This page intentionally left blank
Part IV
SUPPLEMENTARY INFORMATION
This page intentionally left blank
APPENDIX
A
EXAM OBJECTIVES FOR MCITP: SERVER ADMINISTRATOR T
he MCITP: Server Administrator requires that you pass three exams.You will need to pass two Microsoft Certified Technology Specialist (MCTS) exams, what Microsoft refers to as prerequisite exams, and you will also need to pass one Professional Series exam. The three exams are as follows: ■
■
■
Exam 70-640, which earns you the MCTS: Windows Server 2008, Active Directory Configuration certification Exam 70-642, which earns you the MCTS: Windows Server 2008, Network Infrastructure Configuration certification Exam 70-646, which earns you the PRO: Windows Server 2008, Server Administrator certification
SKILLS MEASURED FOR EXAM 70-640: WINDOWS SERVER 2008, ACTIVE DIRECTORY CONFIGURATION Configuring Domain Name System (DNS) for Active Directory (16 Percent) Configure zones. May include but is not limited to Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS), Time to Live (TTL), GlobalNames, primary zones, secondary zones, Active Directory Integrated zones, Stub zones, SOA, zone scavenging, forward lookup, and reverse lookup. Configure DNS server settings. May include but is not limited to forwarding, root hints, configuring zone delegation, round robin servers, disabling recursion, debug logging, and server scavenging. Configure zone transfers and replication. May include but is not limited to configuring replication scope (forestDNSzone and domainDNSzone), incremental zone transfers, DNS Notify, secure zone transfers, configuring name servers, and application directory partitions.
243
A
244
MCTS: Windows Server 2008 70-642 Q&A
Configuring the Active Directory Infrastructure (25 Percent) Configure a forest or a domain. May include but is not limited to removing a domain, performing an unattended installation, using the Active Directory Migration tool (ADMT) v3 (pruning and grafting), raising forest and domain functional levels, interoperability with previous versions of Active Directory, using the alternate user principal name (UPN) suffix, and using forestprep and domainprep. Configure trusts. May include but is not limited to using forest trusts, selective authentication versus forest-wide authentication, using transitive trusts, external trusts, and shortcut trusts, and SID filtering. Configure sites. May include but is not limited to creating Active Directory subnets, configuring site links, configuring site link costing, and configuring site infrastructure. Configure Active Directory replication. May include but is not limited to using a distributed file system, one-way replication, using a bridgehead server, replication scheduling, configuring replication protocols, and forcing inter-site replication. Configure the Global Catalog. May include but is not limited to using Universal Group Membership Caching (UGMC), using partial attribute set, and promoting files to Global Catalog. Configure operations masters. May include but is not limited to seizing and transferring schemas, using backup operations master, using operations master placement, using Schema Master, extending the schema, and using time services.
Configuring Additional Active Directory Server Roles (9 Percent) Configure Active Directory Lightweight Directory Service (AD LDS). May include but is not limited to migrating to AD LDS, configuring data within AD LDS, configuring an authentication server, using Server Core, and using Windows Server 2008 Hyper-V. Configure Active Directory Rights Management Service (AD RMS). May include but is not limited to certificate request and installation, self-enrollments, delegation, Active Directory Metadirectory Services (AD MDS), and using Windows Server virtualization. Configure the read-only domain controller (RODC). May include but is not limited to: unidirectional replication,Administrator role separation, read-only DNS, BitLocker, credential caching, password replication, syskey, and using Windows Server virtualization. Configure Active Directory Federation Services (AD FS). May include but is not limited to installing AD FS server role, using exchange certificate with AD FS agents, configuring trust policies, configuring user and group claim mapping, and using Windows Server virtualization.
Creating and Maintaining Active Directory Objects (24 Percent) Automate creation of Active Directory accounts. May include but is not limited to bulk importing, configuring the UPN, creating computer, user, and group accounts (scripts, import, migration), creating template accounts, contacts, and distribution lists. Maintain Active Directory accounts. May include but is not limited to configuring group membership, account resets, delegation, AGDLP/AGGUDLP, denying domain local group, local versus domain accounts, using Protected Admin, disabling accounts versus deleting accounts, deprovisioning, creating organizational units (OUs), and delegation of control.
Appendix A
Exam Objectives for MCITP: Server Administrator
245
Create and apply Group Policy objects (GPOs). May include but is not limited to enforcing GPOs, OU hierarchy, block inheritance, and enabling user objects, Group Policy processing priority, WMI, Group Policy filtering, and Group Policy loopback. Configure GPO templates. May include but is not limited to user rights, ADMX Central Store, administrative templates, security templates, restricted groups, security options, starter GPOs, and shell access policies. Configure software deployment GPOs. May include but is not limited to publishing to users, assigning software to users, assigning to computers, and software removal. Configure account policies. May include but is not limited to domain password policy, account lockout policy, and fine-grain password policies. Configure audit policy by using GPOs. May include but is not limited to auditing logon events, auditing account logon events, auditing policy changes, auditing access privilege use, auditing directory service access, and auditing object access.
Maintaining the Active Directory Environment (13 Percent) Configure backup and recovery. May include but is not limited to using Windows Server backup, backing up files and system state data to media, backing up and restoring data by using removable media, performing an authoritative or non-authoritative Active Directory restore, using linked value replication, using Directory Services Recovery Mode (DSRM) (reset admin password), and backing up and restoring GPOs. Perform offline maintenance. May include but is not limited to offline defragmentation and compaction, Restartable Active Directory, and Active Directory database storage allocation. Monitor Active Directory. May include but is not limited to Network Monitor,Task Manager, Event Viewer, ReplMon, RepAdmin, Windows System Resource Manager, Reliability and Performance Monitor, Server Performance Advisor, and RSoP.
Configuring Active Directory Certificate Services (13 Percent) Install Active Directory Certificate Services. May include but is not limited to stand-alone versus enterprise, CA hierarchies (root versus subordinate), certificate requests, and certificate practice statement. Configure CA server settings. May include but is not limited to key archival, certificate database backup and restore, and assigning administration roles. Manage certificate templates. May include but is not limited to using certificate template types, securing template permissions, managing different certificate template versions, and using the key recovery agent. Manage enrollments. May include but is not limited to using the network device enrollment service (NDES), understanding auto-enrollment,Web enrollment, and Smart Card enrollment, and creating enrollment agents. Manage certificate revocations. May include but is not limited to configuring online responders, using a Certificate Revocation List (CRL), using a CRL Distribution Point (CDP), and using Authority Information Access (AIA).
A
246
MCTS: Windows Server 2008 70-642 Q&A
SKILLS MEASURED FOR EXAM 70-642: WINDOWS SERVER 2008, ACTIVE DIRECTORY CONFIGURATION Configuring IP Addressing and Services (24 Percent) Configure IPv4 and IPv6 addressing. May include but is not limited to configuring IP options, subnetting, supernetting, and using alternative configurations. Configure Dynamic Host Configuration Protocol (DHCP). May include but is not limited to using DHCP options, creating new options, using PXE boot, knowing the default user profiles, using DHCP relay agents, using exclusions, authorizing servers in Active Directory, using scopes, using Server Core, and using Windows Server Hyper-V. Configure routing. May include but is not limited to static routing, persistent routing, using the Routing Internet Protocol (RIP), and using Open Shortest Path First (OSPF). Configure IPsec. May include but is not limited to creating IPsec policy, using the IPsec Authentication Header (AH), and using the IPsec Encapsulating Security Payload (ESP).
Configuring Name Resolution (27 Percent) Configure a Domain Name System (DNS) server. May include but is not limited to conditional forwarding, external forwarders, root hints, using cache-only servers, using Server Core, WINS and DNS integration, and Windows Server virtualization. Configure DNS zones. May include but is not limited to DNS refresh and no-refresh, DNS listserv address (NSLOOKUP), primary/secondary zones, Active Directory integration, Dynamic Domain Name System (DDNS), using GlobalNames, and using SOA refresh. Configure DNS records. May include but is not limited to record types, hosts, pointers, MX, SRV, NS, using dynamic updates, and using Time to Live (TTL). Configure DNS replication. May include but is not limited to using DNS secondary zones, using DNS stub zones, using the DNS scavenging interval, and using replication scope. Configure name resolution for client computers. May include but is not limited to understanding DNS and WINS integration, configuring the HOSTS and LMHOSTS files, using the node type, using Link-Local Multicast Name Resolution (LLMNR), broadcasting, configuring resolver caches, using a DNS server list, using Suffix Search order, and managing client settings by using group policy.
Configuring Network Access (22 Percent) Configure remote access. May include but is not limited to understanding dial-up settings, Remote Access Policy, Network Address Translation (NAT), Internet Connection Sharing (ICS), VPN, Routing and Remote Access Services (RRAS), inbound/outbound filters, configuring Remote Authentication Dial-In User Service (RADIUS) server, configuring RADIUS proxy, using remote access protocols, and using Connection Manager.
Appendix A
Exam Objectives for MCITP: Server Administrator
247
Configure Network Access Protection (NAP). May include but is not limited to network layer protection, DHCP enforcement,VPN enforcement, configuring NAP health policies, IPsec enforcement, 802.1x enforcement, and flexible host isolation. Configure network authentication. May include but is not limited to LAN authentication by using NTLMv2 and Kerberos, WLAN authentication by using 802.1x, RAS authentication by using MS-CHAP, MS-CHAP v2, and using EAP. Configure wireless access. May include but is not limited to setting Service Identifier (SSID), Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), understanding ad hoc versus infrastructure mode, and understanding group policy for wireless access. Configure firewall settings. May include but is not limited to incoming and outgoing traffic filtering, Active Directory account integration, identifying ports and protocols, Microsoft Windows firewalls versus Windows firewalls with Advanced Security, configuring firewall by using group policy, and using the isolation policy.
Configuring File and Print Services (13 Percent) Configure a file server. May include but is not limited to file share publishing, configuring offline files, sharing permissions, configuring NTFS permissions, and using the encrypting file system (EFS). Configure Distributed File System (DFS). May include but is not limited to configuring DFS namespace, DFS configuration and application, creating and configuring targets, and DFS replication. Configure shadow copy services. May include but is not limited to recovering previous versions, setting schedule, and setting storage locations. Configure backup and restore. May include but is not limited to configuring backup types, configuring backup schedules, managing backups remotely, and restoring data. Manage disk quotas. May include but is not limited to managing quota by volume or by user, using quota entries, and using quota templates. Configure and monitor print services. May include but is not limited to configuring printer share, publishing printers to Active Directory, using printer permissions, deploying printer connections, installing printer drivers, exporting and importing print queues and printer settings, adding counters to Reliability and Performance Monitor to monitor print servers, using print pooling, and setting print priorities.
Monitoring and Managing a Network Infrastructure (14 Percent) Configure Windows Server Update Services (WSUS) server settings. May include but is not limited to configuring update type selection, configuring client settings, using Group Policy object (GPO), configuring client targeting, configuring software updates, configuring test and approval settings, and configuring disconnected networks. Capture performance data. May include but is not limited to using Data Collector Sets, Performance Monitor, using Reliability Monitor, and monitoring the System Stability index.
A
248
MCTS: Windows Server 2008 70-642 Q&A
Monitor event logs. May include but is not limited to using custom views, using application and services logs, setting up subscriptions, and using a DNS log. Gather network data. May include but is not limited to using Simple Network Management Protocol (SNMP), using the Baseline Security Analyzer, and using Network Monitor.
SKILLS MEASURED FOR EXAM 70-646: WINDOWS SERVER 2008, SERVER ADMINISTRATOR Planning for Server Deployment (19 Percent) Plan server installations and upgrades. May include but is not limited to selecting Windows Server 2008 edition, planning rollbacks, and knowing the BitLocker implementation requirements. Plan for automated server deployment. May include but is not limited to planning for standard server images, and automating and scheduling server deployments. Plan infrastructure services server roles. May include but is not limited to assigning addresses, using name resolution, understanding network access control, using directory services, using application services, and using certificate services. Plan application servers and services. May include but is not limited to virtualization server planning, availability, resilience, and accessibility. Plan file and print server roles. May include but is not limited to access permissions, storage quotas, replication, indexing, understanding file storage policy and availability, and printer publishing.
Planning for Server Management (23 Percent) Plan server management strategies. May include but is not limited to remote administration, remote desktop, server management technologies, Server Manager and ServerManagerCMD, and delegation policies and procedures. Plan for delegated administration. May include but is not limited to delegating authority, delegating Active Directory objects, and application management. Plan and implement group policy strategy. May include but is not limited to GPO management, GPO backup and recovery, group policy troubleshooting, and group policy planning.
Monitoring and Maintaining Servers (20 Percent) Implement patch management strategy. May include but is not limited to operating system patch level maintenance, Windows Server Update Services (WSUS), and application patch level maintenance. Monitor servers for performance evaluation and optimization. May include but is not limited to server and service monitoring, optimization, event management, and trending and baseline analysis.
Appendix A
Exam Objectives for MCITP: Server Administrator
249
Monitor and maintain security and policies. May include but is not limited to remote access, monitoring and maintaining NPAS, monitoring network access, monitoring server security, understanding firewall rules and policies, understanding authentication and authorization, securing data, and auditing your servers.
Planning Application and Data Provisioning (19 Percent) Provision applications. May include but is not limited to presentation virtualization, terminal server infrastructure, resource allocation, application virtualization alternatives, application deployment, and using System Center Configuration Manager. Provision data. May include but is not limited to setting up shared resources and setting up offline data access.
Planning for Business Continuity and High Availability (19 Percent) Plan storage. May include but is not limited to understanding storage solutions and storage management. Plan high availability. May include but is not limited to service redundancy and availability. Plan for backup and recovery. May include but is not limited to planning data recovery strategies, planning server recovery strategies, planning directory service recovery strategies, and setting up object level recovery.
A
This page intentionally left blank
APPENDIX
B
EXAM OBJECTIVES FOR MCITP: ENTERPRISE ADMINISTRATOR T
he MCITP: Server Administrator requires that you pass three exams.You will need to pass two Microsoft Certified Technology Specialist (MCTS) exams, what Microsoft refers to as prerequisite exams, and you will also need one Professional Series exam. The MCITP: Enterprise Administrator requires that you pass five exams (the three required for the MCITP: Server Administrator, plus two others): ■
■
■
■
■
MCTS exam 70-640, which earns you Windows Server 2008 Active Directory, Configuration certification MCTS exam 70-642, which earns you Windows Server 2008 Network Infrastructure, Configuration certification MCTS exam 70-643, which earns you Windows Server 2008 Applications Infrastructure, Configuring certification Either exam 70-620 MCTS: Windows Vista, Configuring or exam 70-624 MCTS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops PRO exam 70-647 Windows Server 2008, Enterprise Administrator
SKILLS MEASURED FOR EXAM 70-640: WINDOWS SERVER 2008 ACTIVE DIRECTORY, CONFIGURATION Configuring Domain Name System (DNS) for Active Directory (16 Percent) Configure zones. May include but is not limited to Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), Secure Dynamic DNS (SDDNS), Time to Live (TTL), GlobalNames, primary zones, secondary zones, Active Directory Integrated zones, Stub zones, SOA, zone scavenging, forward lookup, and reverse lookup. Configure DNS server settings. May include but is not limited to forwarding, root hints, configuring zone delegation, round robin servers, disabling recursion, debug logging, and server scavenging.
251
B
252
MCTS: Windows Server 2008 70-642 Q&A
Configure zone transfers and replication. May include but is not limited to configuring replication scope (forestDNSzone and domainDNSzone), incremental zone transfers, using DNS Notify, secure zone transfers, configuring name servers, and application directory partitions.
Configuring the Active Directory Infrastructure (25 Percent) Configure a forest or a domain. May include but is not limited to removing a domain, performing an unattended installation, using the Active Directory Migration tool (ADMT) v3 (pruning and grafting), raising forest and domain functional levels, understanding interoperability issues with previous versions of Active Directory, understanding the alternate user principal name (UPN) suffix, using forestprep, and using domainprep. Configure trusts. May include but is not limited to forest trusts, selective authentication versus forest-wide authentication, transitive trusts, external trusts, shortcut trusts, and SID filtering. Configure sites. May include but is not limited to creating Active Directory subnets, configuring site links, configuring site link costing, and configuring a site’s infrastructure. Configure Active Directory replication. May include but is not limited to using a Distributed File System, one-way replication, using bridgehead servers, replication scheduling, configuring replication protocols, and forcing inter-site replication. Configure the global catalog. May include but is not limited to Universal Group Membership Caching (UGMC), using a partial attribute set, promoting to global catalog. Configure operations masters. May include but is not limited to seizing and transferring, backup operations master, operations master placement, using Schema Master, extending the schema, and using the time service.
Configuring Additional Active Directory Server Roles (9 Percent) Configure Active Directory Lightweight Directory Service (AD LDS). May include but is not limited to migration to AD LDS, configuring data within AD LDS, configuring an authentication server, using Server Core, and using Windows Server 2008 Hyper-V. Configure Active Directory Rights Management Service (AD RMS). May include but is not limited to certificate request and installation, self-enrollments, delegation, Active Directory Metadirectory Services (AD MDS), and Windows Server virtualization. Configure the read-only domain controller (RODC). May include but is not limited to unidirectional replication, administrator role separation, using read-only DNSs, using BitLocker, credential caching, password replication, using syskey, and Windows Server virtualization. Configure Active Directory Federation Services (AD FS). May include but is not limited to installing the AD FS server role, exchanging certificates with AD FS agents, configuring trust policies, configuring user and group claim mapping, and Windows Server virtualization.
Creating and Maintaining Active Directory Objects (24 Percent) Automate creation of Active Directory accounts. May include but is not limited to bulk import, configuring the UPN, creating computer, user, and group accounts (scripts, import, migration), using template accounts, creating contacts, and using distribution lists.
Appendix B
Exam Objectives for MCITP: Enterprise Administrator
253
Maintain Active Directory accounts. May include but is not limited to configuring group membership, account resets, delegation, AGDLP/AGGUDLP, deny domain local group, local versus domain, Protected Admin, disabling accounts versus deleting accounts, deprovisioning, contacts, creating organizational units (OUs), and delegation of control. Create and apply Group Policy objects (GPOs). May include but is not limited to using Enforce, OU hierarchy, block inheritance, enabling user objects, Group Policy processing priority, using WMI, Group Policy filtering, and Group Policy loopback. Configure GPO templates. May include but is not limited to user rights, using the ADMX Central Store, using administrative templates, using security templates, using restricted groups, understanding the security options, using starter GPOs, and understanding the shell access policies. Configure software deployment GPOs. May include but is not limited to publishing to users, assigning software to users, assigning GPOs to computers, and software removal. Configure account policies. May include but is not limited to domain password policy, account lockout policy, and fine-grain password policies. Configure audit policy by using GPOs. May include but is not limited to auditing logon events, auditing account logon events, auditing policy change, auditing access privilege use, auditing directory service access, and auditing object access.
Maintaining the Active Directory Environment (13 Percent) Configure backup and recovery. May include but is not limited to using the Windows Server Backup feature, creating backup files and system state data to media, backing up and restoring by using removable media, performing an authoritative or non-authoritative Active Directory restore, linked value replication, Directory Services Recovery Mode (DSRM) (reset admin password), backing up and restoring GPOs. Perform offline maintenance. May include but is not limited to offline defragmentation and compaction, using Restartable Active Directory, and Active Directory database storage allocation. Monitor Active Directory. May include but is not limited to Network Monitor,Task Manager, Event Viewer, ReplMon, RepAdmin, Windows System Resource Manager, Reliability and Performance Monitor, Server Performance Advisor, and RSoP.
Configuring Active Directory Certificate Services (13 Percent) Install Active Directory Certificate Services. May include but is not limited to standalone versus enterprise, CA hierarchies (root versus subordinate), certificate requests, and certificate practice statement. Configure CA server settings. May include but is not limited to key archival, certificate database backup and restore, and assigning administration roles. Manage certificate templates. May include but is not limited to certificate template types, securing template permissions, managing different certificate template versions, and using key recovery agent.
B
254
MCTS: Windows Server 2008 70-642 Q&A
Manage enrollments. May include but is not limited to network device enrollment service (NDES), auto-enrollment, web enrollment, Smart Card enrollment, and creating enrollment agents. Manage certificate revocations. May include but is not limited to configuring Online Responders, using a Certificate Revocation List (CRL), using a CRL Distribution Point (CDP), and using Authority Information Access (AIA).
SKILLS MEASURED FOR EXAM 70-642: WINDOWS SERVER 2008 ACTIVE DIRECTORY, CONFIGURATION Configuring IP Addressing and Services (24 Percent) Configure IPv4 and IPv6 addressing. May include but is not limited to configuring IP options, subnetting, supernetting, and using alternative configurations. Configure Dynamic Host Configuration Protocol (DHCP). May include but is not limited to DHCP options, creating new options, PXE boot, using default user profiles, DHCP relay agents, exclusions, authorizing server in Active Directory, using scopes, using server core, and using Windows Server Hyper-V. Configure routing. May include but is not limited to static routing, persistent routing, using the Routing Internet Protocol (RIP), and using Open Shortest Path First (OSPF). Configure IPsec. May include but is not limited to creating IPsec policy, using IPsec Authentication Header (AH), and using IPsec Encapsulating Security Payload (ESP).
Configuring Name Resolution (27 Percent) Configure a Domain Name System (DNS) server. May include but is not limited to conditional forwarding, using external forwarders, using root hints, using cache-only servers, using Server Core, WINS and DNS integration, and Windows Server virtualization. Configure DNS zones. May include but is not limited to using DNS Refresh no-refresh, configuring intervals, using the DNS listserv address (NSLOOKUP), using primary/secondary zones, Active Directory integration, using Dynamic Domain Name System (DDNS), using GlobalNames, and using SOA refresh. Configure DNS records. May include but is not limited to using record types, hosts, pointers, MX, SRV, NS, using dynamic updates, and using Time to Live (TTL). Configure DNS replication. May include but is not limited to using DNS secondary zones, using DNS stub zones, using the DNS scavenging interval, and using the replication scope. Configure name resolution for client computers. May include but is not limited to DNS and WINS integration, configuring the HOSTS file, using LMHOSTS, configuring node type, using Link-Local Multicast Name Resolution (LLMNR), broadcasting, using the resolver cache, using the DNS Server list, understanding Suffix Search order, and managing client settings by using group policy.
Appendix B
Exam Objectives for MCITP: Enterprise Administrator
255
Configuring Network Access (22 Percent) Configure remote access. May include but is not limited to configuring dial-up, using the Remote Access Policy, using Network Address Translation (NAT), using Internet Connection Sharing (ICS), using VPN, using Routing and Remote Access Services (RRAS), using inbound/outbound filters, configuring Remote Authentication Dial-In User Service (RADIUS) server, configuring RADIUS proxy, using remote access protocols, and using Connection Manager. Configure Network Access Protection (NAP). May include but is not limited to network layer protection, DHCP enforcement,VPN enforcement, configuring NAP health policies, IPsec enforcement, 802.1x enforcement, and flexible host isolation. Configure network authentication. May include but is not limited to LAN authentication by using NTLMv2 and Kerberos, WLAN authentication by using 802.1x, RAS authentication by using MS-CHAP, using MS-CHAP v2, and using EAP. Configure wireless access. May include but is not limited to using the Set Service Identifier (SSID), using Wired Equivalent Privacy (WEP), using Wi-Fi Protected Access (WPA), using Wi-Fi Protected Access 2 (WPA2), understanding ad hoc versus infrastructure mode, and using Group Policy for wireless connections. Configure firewall settings. May include but is not limited to incoming and outgoing traffic filtering, Active Directory account integration, identifying ports and protocols, Microsoft Windows firewall versus Windows firewall with advanced security, configuring firewalls by using Group Policy, and configuring the isolation policy.
Configuring File and Print Services (13 Percent) Configure a file server. May include but is not limited to file share publishing, using offline files, setting share permissions, setting NTFS permissions, and using the encrypting file system (EFS). Configure Distributed File System (DFS). May include but is not limited to using the DFS namespace, using DFS configuration and application, creating and configuring targets, and DFS replication. Configure shadow copy services. May include but is not limited to recovering previous versions, setting the schedule, and setting storage locations. Configure backup and restore. May include but is not limited to configuring backup types and backup schedules, managing backups remotely, and restoring data. Manage disk quotas. May include but is not limited to managing quota by volume or quota by user, using quota entries, and using quota templates. Configure and monitor print services. May include but is not limited to configuring printer share, publishing printers to Active Directory, setting the printer permissions, deploying printer connections, installing printer drivers, exporting and importing print queues and printer settings, adding counters to Reliability and Performance Monitor to monitor print servers, print pooling, and setting print priorities.
B
256
MCTS: Windows Server 2008 70-642 Q&A
Monitoring and Managing a Network Infrastructure (14 Percent) Configure Windows Server Update Services (WSUS) server settings. May include but is not limited to updating type selection, using client settings, using the Group Policy object (GPO), client targeting, software updates, testing and approval, and configuring disconnected networks. Capture performance data. May include but is not limited to Data Collector Sets, Performance Monitor, Reliability Monitor, and monitoring the System Stability Index. Monitor event logs. May include but is not limited to custom views, application and services logs, subscriptions, and using the DNS log. Gather network data. May include but is not limited to using Simple Network Management Protocol (SNMP), using the Baseline Security Analyzer, and using Network Monitor.
SKILLS MEASURED FOR EXAM 70-646: WINDOWS SERVER 2008, SERVER ADMINISTRATOR Planning for Server Deployment (19 Percent) Plan server installations and upgrades. May include but is not limited to Windows Server 2008 edition selection, rollback planning, and BitLocker implementation requirements. Plan for automated server deployment. May include but is not limited to standard server images and automation and scheduling of server deployments. Plan infrastructure services server roles. May include but is not limited to address assignment, name resolution, network access control, and using directory services, application services, and certificate services. Plan application servers and services. May include but is not limited to virtualization server planning, and testing server availability, resilience, and accessibility. Plan file and print server roles. May include but is not limited to accessing permissions, storage quotas, replication, indexing, file storage policy, print server availability, and printer publishing.
Planning for Server Management (23 Percent) Plan server management strategies. May include but is not limited to remote administration, remote desktop, server management technologies, Server Manager and ServerManagerCMD, and delegation policies and procedures. Plan for delegated administration. May include but is not limited to delegating authority, delegating Active Directory objects, and application management. Plan and implement group policy strategy. May include but is not limited to GPO management, GPO backup and recovery, group policy troubleshooting, and group policy planning.
Monitoring and Maintaining Servers (20 Percent) Implement patch management strategy. May include but is not limited to operating system patch level maintenance, Windows Server Update Services (WSUS), and application patch level maintenance.
Appendix B
Exam Objectives for MCITP: Enterprise Administrator
257
Monitor servers for performance evaluation and optimization. May include but is not limited to server and service monitoring, optimization, event management, and trending and baseline analysis. Monitor and maintain security and policies. May include but is not limited to remote access, monitoring and maintaining NPAS, network access, server security, firewall rules and policies, authentication and authorization, data security, and auditing.
Planning Application and Data Provisioning (19 Percent) Provision applications. May include but is not limited to presentation virtualization, terminal server infrastructure, resource allocation, application virtualization alternatives, application deployment, and using System Center Configuration Manager. Provision data. May include but is not limited to using shared resources and offline data access.
Planning for Business Continuity and High Availability (19 Percent) Plan storage. May include but is not limited to storage solutions and storage management. Plan high availability. May include but is not limited to service redundancy and service availability. Plan for backup and recovery. May include but is not limited to data recovery strategy, server recovery strategy, directory service recovery strategy, and object level recovery.
SKILLS MEASURED CONFIGURING
FOR
EXAM 70-620: WINDOWS VISTA,
Installing and upgrading Windows Vista: ■ ■ ■ ■ ■ ■
Identify hardware requirements. Perform a clean installation. Upgrade to Windows Vista from previous versions of Windows. Upgrade from one edition of Windows Vista to another. Troubleshoot Windows Vista installation issues. Install and configure Windows Vista drivers.
Configuring and troubleshooting post-installation system settings: ■ ■ ■ ■
Troubleshoot post-installation configuration issues. Configure and troubleshoot Windows Aero. Configure and troubleshoot parental controls. Configure Microsoft Internet Explorer.
Configuring Windows security features: ■ ■
Configure and troubleshoot User Account Control. Configure Windows Defender.
B
258 ■ ■
MCTS: Windows Server 2008 70-642 Q&A
Configure Dynamic Security for Microsoft Internet Explorer 7. Configure security settings in Windows firewall.
Configuring network connectivity: ■ ■ ■
Configure networking by using the Network and Sharing Center. Troubleshoot connectivity issues. Configure remote access.
Configuring applications included with Windows Vista: ■ ■ ■ ■ ■ ■
Configure and troubleshoot media applications. Configure Windows Mail. Configure Windows Meeting Space. Configure Windows Calendar. Configure Windows Fax and Scan. Configure Windows Sidebar.
Maintaining and optimizing systems that run Windows Vista: ■ ■ ■ ■
Troubleshoot performance issues. Troubleshoot reliability issues by using built-in diagnostic tools. Configure Windows Update. Configure data protection.
Configuring and troubleshooting mobile computing: ■ ■ ■ ■
Configure mobile display settings. Configure mobile devices. Configure Tablet PC software. Configure power options.
SKILLS MEASURED FOR EXAM 70-624 MCTS: DEPLOYING AND MAINTAINING WINDOWS VISTA CLIENT AND 2007 MICROSOFT OFFICE SYSTEM DESKTOPS Deploying the 2007 Microsoft Office System: ■ ■ ■
Configure Microsoft Office settings and components Install the 2007 Microsoft Office system Migrate from earlier versions of Microsoft Office
Configuring Windows Vista automated installation settings: ■ ■ ■ ■ ■
Configure Windows Vista automated installation settings Manage Windows Vista catalogs Add device drivers to Windows Vista installations Manage Windows components Configure and manipulate Windows Imaging Format (WIM) images
Appendix B
Exam Objectives for MCITP: Enterprise Administrator
259
Deploying Windows Vista: ■ ■ ■ ■
Deploy Windows Vista by using LTI Deploy Windows Vista by using ZTI Customize the Windows Preinstallation Environment (PE) Troubleshoot Windows Vista
Using Business Desktop Deployment (BDD) Workbench: ■ ■ ■ ■ ■ ■
Install BDD Configure a distribution point in BDD 2007 Workbench Create a reference computer image Manage XML files in BDD Workbench Automate installation of the 2007 Microsoft Office system Customize and maintain Windows PE by using BDD Workbench
Using Application Compatibility Toolkit: ■ ■ ■ ■
Install and configure Application Compatibility Toolkit (ACT) 5 Deploy ACT 5 agents Report application compatibility Fix compatibility issues
Managing user-state migration: ■ ■ ■ ■ ■
■ ■ ■
Upgrade user state from Windows XP to Windows Vista Automate user state migration Manage Vista deployments by using SMS 2003 Determine OSD prerequisites Install the Microsoft Systems Management (SMS) 2003 Operating System Deployment (OSD) Feature Pack Configure SMS 2003 OSD Troubleshoot user-state migration Plan user-state migration
SKILLS MEASURED FOR EXAM 70-647: WINDOWS SERVER 2008, ENTERPRISE ADMINISTRATOR Planning Network and Application Services (23 Percent) Plan for name resolution and IP addressing. May include but is not limited to internal and external naming strategy, naming resolution support for legacy clients, naming resolution for directory services, IP addressing scheme, and TCP/IP version coexistence. Design for network access. May include but is not limited to network access policies, remote access strategy, perimeter networks, and server and domain isolation.
B
260
MCTS: Windows Server 2008 70-642 Q&A
Plan for application delivery. May include but is not limited to application virtualization, presentation virtualization, using locally installed software, and using web-based applications. Plan for Terminal Services. May include but is not limited to planning for Terminal Services licensing and Terminal Services infrastructure.
Designing Core Identity and Access Management Components (25 Percent) Design Active Directory forests and domains. May include but is not limited to forest structure, forest and domain functional levels, intra-organizational authorization and authentication, and schema modifications. Design the Active Directory physical topology. May include but is not limited to placement of servers, site and replication topology, and printer location policies. Design the Active Directory administrative model. May include but is not limited to delegation, group strategy, compliance auditing, group administration, and organizational structure. Design the enterprise-level group policy strategy. May include but is not limited to group policy hierarchy and scope filtering, control device installation, and authentication and authorization.
Designing Support Identity and Access Management Components (29 Percent) Plan for domain or forest migration, upgrade, and restructuring. May include but is not limited to cross-forest authentication, backward compatibility, object migration, migration planning, implementation planning, and environment preparation. Design the branch office deployment. May include but is not limited to designing the authentication strategy and server security issues. Design and implement public key infrastructure. May include but is not limited to certificate services, PKI operations and maintenance, and certificate lifecycle management. Plan for interoperability. May include but is not limited to inter-organizational authorization and authentication, application authentication interoperability, and cross-platform interoperability.
Designing for Business Continuity and Data Availability (23 Percent) Plan for business continuity. May include but is not limited to service availability and directory service recovery. Design for software updates and compliance management. May include but is not limited to patch management and patch management compliance, Microsoft Update and Windows Update, security baselines, and system health models. Design the operating system virtualization strategy. May include but is not limited to server consolidation, application compatibility, virtualization management, and designing the placement of servers. Design for data management and data access. May include but is not limited to data security, data accessibility and redundancy, and data collaboration.
APPENDIX
C
INSTALLATION INSTRUCTIONS FOR CERTBLASTER T
he CertBlaster practice software is on the CD at the end of this book. It allows you to: • • • •
Assess your preparedness for the exam Familiarize yourself with the exam environment and format Familiarize yourself with the MCTS question types and formats Generate your very own customized Personal Study Plan
Copy the CertBlaster setup file (called c_642_setup.exe) from the CD to your desktop.Then follow the steps here to install the program: 1. Double click the set-up icon shown here.
2. Enter the installation password, c_642, into the text box shown here.
C 261
262
MCTS: Windows Server 2008 70-642 Q&A
You will not see your actual password because the application shows only asterisks, so what you will see is shown here.
3. Next you will be in the Installation wizard. From this point on, you just follow the prompts to install the software.
Course Technology PTR… the ultimate source for all your certification needs. With step-by-step instructions and extensive end-of-chapter review questions, projects, and exercises, these learning solutions map fully to their certification exams. In-depth and well-organized—there isn’t a better way to prepare!
CompTIA A+ 2006 In Depth
The Ultimate CompTIA A+ 2006 Resource Kit
CompTIA Security+ 2008 In Depth
1-59863-351-1 ■ $39.99
1-59863-396-1 ■ $69.99
1-59863-813-0 ■ $39.99
CompTIA A+ 2006 Q&A
LPIC-1 In Depth
MCTS Windows Server 2008 70-642 Q&A
1-59863-352-X $19.99
1-59863-967-6 $49.99
1-59863-896-3 $29.99
Network+ 2009 In Depth
MCTS Windows Server 2008 70-640 Q&A
The Ultimate CompTIA Network+ Resource Kit
1-59863-878-5 $39.99
1-59863-892-0 $29.99
1-59863-887-4 $59.99
For more information on our offerings and to order, call 1.800.648.7450, go to your favorite bookstore, or visit us at www.courseptr.com.
License Agreement/Notice of Limited Warranty By opening the sealed disc container in this book, you agree to the following terms and conditions. If, upon reading the following license agreement and notice of limited warranty, you cannot agree to the terms and conditions set forth, return the unused book with unopened disc to the place where you purchased it for a refund. License: The enclosed software is copyrighted by the copyright holder(s) indicated on the software disc. You are licensed to copy the software onto a single computer for use by a single user and to a backup disc. You may not reproduce, make copies, or distribute copies or rent or lease the software in whole or in part, except with written permission of the copyright holder(s). You may transfer the enclosed disc only together with this license, and only if you destroy all other copies of the software and the transferee agrees to the terms of the license. You may not decompile, reverse assemble, or reverse engineer the software. Notice of Limited Warranty: The enclosed disc is warranted by Course Technology to be free of physical defects in materials and workmanship for a period of sixty (60) days from end user's purchase of the book/disc combination. During the sixty-day term of the limited warranty, Course Technology will provide a replacement disc upon the return of a defective disc. Limited Liability: THE SOLE REMEDY FOR BREACH OF THIS LIMITED WARRANTY SHALL CONSIST ENTIRELY OF REPLACEMENT OF THE DEFECTIVE DISC. IN NO EVENT SHALL COURSE TECHNOLOGY OR THE AUTHOR BE LIABLE FOR ANY OTHER DAMAGES, INCLUDING LOSS OR CORRUPTION OF DATA, CHANGES IN THE FUNCTIONAL CHARACTERISTICS OF THE HARDWARE OR OPERATING SYSTEM, DELETERIOUS INTERACTION WITH OTHER SOFTWARE, OR ANY OTHER SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES THAT MAY ARISE, EVEN IF COURSE TECHNOLOGY AND/OR THE AUTHOR HAS PREVIOUSLY BEEN NOTIFIED THAT THE POSSIBILITY OF SUCH DAMAGES EXISTS. Disclaimer of Warranties: COURSE TECHNOLOGY AND THE AUTHOR SPECIFICALLY DISCLAIM ANY AND ALL OTHER WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, SUITABILITY TO A PARTICULAR TASK OR PURPOSE, OR FREEDOM FROM ERRORS. SOME STATES DO NOT ALLOW FOR EXCLUSION OF IMPLIED WARRANTIES OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THESE LIMITATIONS MIGHT NOT APPLY TO YOU. Other: This Agreement is governed by the laws of the State of Massachusetts without regard to choice of law principles. The United Convention of Contracts for the International Sale of Goods is specifically disclaimed. This Agreement constitutes the entire agreement between you and Course Technology regarding use of the software.