Microsoft 70-642 Online Practice Questions and Exam Preparation

Microsoft 70-642 Online Questions & Answers

• Question 241:

  Your company has a single Active Directory forest that has a domain in North America named na.contoso.com and a domain in South America named sa.contoso.com. The client computers run Windows 7.

  You need to configure the client computers in the North America office to improve the name resolution response time for resources in the South America office. What should you do?

  A. Configure a new Group Policy object (GPO) that disables the Local-Link Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office.
  B. Configure a new Group Policy object (GPO) that enables the Local-Link Multicast Name Resolution feature. Apply the policy to all the client computers in the North America office.
  C. Configure a new Group Policy object (GPO) that configures the DNS Suffix Search List option to sa.contoso.com, na.contoso.com. Apply the policy to all the client computers in the North America office.
  D. Configure the priority value for the Service Location (SRV) records on each of the North America domain controllers to 5.
  C. Configure a new Group Policy object (GPO) that configures the DNS Suffix Search List option to sa.contoso.com, na.contoso.com. Apply the policy to all the client computers in the North America office.

• Question 242:

  Your network contains a DNS zone for contoso.com. All servers register their host names in DNS by using dynamic updates.

  The network contains a server named Server1.contoso.com. From a computer named Computer1 that runs Windows 7, you successfully resolve Server1.contoso.com to an IP address.

  You change the IP address of Server1.contoso.com. From Computer1, you discover that server1.contoso.com still resolves to the old IP address. You successfully connect to server1.contoso.com by using the new IP address.

  You need to ensure that you can immediately resolve Server1.contoso.com to the new IP address.

  What should you do on Computer1?

  A. Run ipconfig.exe and specify the /flushdns parameter.
  B. Run netsh.exe and specify the dnsclient context.
  C. Restart the Peer Name Resolution Protocol (PNRP) service.
  D. Run dnscacheugc.exe.
  A. Run ipconfig.exe and specify the /flushdns parameter.

  ---

  ipconfig/flushdns - Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically. http://www.microsoft.com/resources/documentation/windows/xp/all/ proddocs/en-us/ipconfig.mspx? mfr=true

• Question 243:

  You have a DHCP server that runs Windows Server 2008 R2. You need to reduce the size of the DHCP database.

  What should you do?

  A. From the DHCP snap-in, reconcile the database.
  B. From the folder that contains the DHCP database, run jetpack.exe dhcp.mdb temp.mdb.
  C. From the properties of the dhcp.mdb file, enable the File is ready for archiving attribute.
  D. From the properties of the dhcp.mdb file, enable the Compress contents to save disk space attribute.
  B. From the folder that contains the DHCP database, run jetpack.exe dhcp.mdb temp.mdb.

  ---

  To compact the DHCP database:

  CD %SYSTEMROOT%\SYSTEM32\DHCP

  NET STOP DHCPSERVER

  JETPACK DHCP.MDB TMP.MDB

  NET START DHCPSERVER

  In the examples above, Tmp.mdb is a temporary database that is used by Jetpack.exe. Wins.mdb is the WINS database. Dhcp.mdb is the DHCP database.

  Jetpack.exe compacts the WINS or DHCP database by doing the following:

  -Copies database information to a temporary database file called Tmp.mdb.

  -Deletes the original database file, Wins.mdb or Dhcp.mdb.

  -Renames the temporary database files to the original filename.

  http://technet.microsoft.com/enus/library/hh875589(v=ws.10).aspx://support.microsoft.com/kb/145881/en-us

• Question 244:

  Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS).

  The company's remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees.

  You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection. What should you do?

  A. Install the Network Policy Server (NPS) server role on RAS1.
  B. Create a remote access policy that requires users to authenticate by using SPAP.
  C. Create a remote access policy that requires users to authenticate by using EAP-TLS.
  D. Create a remote access policy that requires users to authenticate by using MS-CHAP v2.
  C. Create a remote access policy that requires users to authenticate by using EAP-TLS.

  ---

  EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is wellsupported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its Achilles' heel. EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards.[4] This is because there is no way to steal a certificate's corresponding private key from a smart card without stealing the card itself. It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed. Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.[5] There are client and server implementations of EAP-TLS in 3Com, Apple, Avaya, Brocade Communications, Cisco, Enterasys Networks, Foundry, HP, Juniper, and Microsoft, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, and Windows CE 4.2

• Question 245:

  Your company has deployed Network Access Protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported.

  What should you do?

  A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.
  B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).
  C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.
  D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).
  A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.

• Question 246:

  Your network contains a Network Policy Server (NPS) named NPS1 and a network access server named NAS1. NAS1 is configured to use NPS1 for authentication and accounting. A firewall separates NPS1 and NAS1.

  You need to ensure that NAS1 can successfully send authentication and accounting messages to NPS1. Which ports should you allow through the firewall?

  A. TCP ports 80, 443, 389 and 1645 B. TCP ports 88, 135, 139 and 1813
  C. UDP ports 53, 67, 68 and 69
  D. UDP ports 1812, 1813, 1645 and 1646
  D. UDP ports 1812, 1813, 1645 and 1646

  ---

  Configure NPS UDP port information Network Policy Server (NPS) uses for RADIUS authentication and accounting traffic By default, NPS listens for RADIUS traffic on ports 1812, 1813, 1645, and 1646 for both Internet Protocol version 6 (IPv6) and IPv4 for all installed network adapters. http://technet.microsoft.com/en-us/library/cc731277(v=ws.10).aspx

• Question 247:

  Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. From Server1, you create a collector-initiated subscription that uses Server2 as a source computer. You verify the event subscription and discover the error message shown in the exhibit. (Click the Exhibit button.)

  

  You need to ensure that the subscription collection runs successfully. What should you do?

  A. On Server1, run winrm quickconfig.
  B. On Server2, run winrm quickconfig.
  C. From the properties of the subscription, modify the User Account options.
  D. From the properties of the subscription, modify the Protocol and Port options.
  C. From the properties of the subscription, modify the User Account options.

• Question 248:

  Your company is designing its network. The network will use an IPv6 prefix of 2001:DB8:BBCC:0000::/53.

  You need to identify an IPv6 addressing scheme that will support 2000 subnets.

  Which network mask should you use?

  A. /61
  B. /62
  C. /63
  D. /64
  D. /64

• Question 249:

  Your network contains a DHCP server named DHCP1. You have a DHCP reservation for a computer named Computer1.

  You add a DNS server option to the reservation.

  You need to ensure that Computer1 immediately receives the new option.

  What should you do?

  A. Run ipconfig.exe /renew.
  B. Run ipconfig.exe /registerdns.
  C. On DHCP1, recreate the reservation.
  D. On DHCP1, delete the active lease for the reservation.
  A. Run ipconfig.exe /renew.

• Question 250:

  Your network contains a single Active Directory domain. All servers run Windows Server 2008 R2. A DHCP server is deployed on the network and configured to provide IPv6 prefixes. You need to ensure that when you monitor network traffic, you see the interface identifiers derived from the Extended Unique Identifier (EUI)-64 address.

  Which command should you run?

  A. netsh.exe interface ipv6 set global addressmaskreply=disabled
  B. netsh.exe interface ipv6 set global dhcpmediasense=enabled
  C. netsh.exe interface ipv6 set global randomizeidentifiers=disabled
  D. netsh.exe interface ipv6 set privacy state=enabled
  C. netsh.exe interface ipv6 set global randomizeidentifiers=disabled

  ---

  Starting Windows Vista, Windows Server 2008 and Windows 7, to prevent address scans of IPv6 addresses based on the known company IDs of network adapter manufacturers, Windows by default generate random interface IDs for non-

  temporary autoconfigured IPv6 addresses, including public and link-local addresses. A public IPv6 address is a global address that is registered in DNS and is typically used by server applications for incoming connections, such as a Web

  server. However, this can cause issues with some connection instances in which case you may need to disable this option.

  To prevent Windows from using Random Identifiers,

  1.

  Click Start search "cmd", right-click and choose "Run as Administrator". This should launch the command window withe elevated privileges.

  2.

  Run the following command:

  C:\windows\system32> netsh interface ipv6 set global randomizeidentifiers=disabled At anytime later, you can enable this (if requierd) as follows:

  C:\windows\system32> netsh interface ipv6 set global randomizeidentifiers=enabled http://www.windowsreference.com/networking/disable-ipv6-random-identifier- in-windows-7-server- 2008-vista/