QUESTION 1
Your corporate network has a member server named RAS1 that runs Windows Server 2008 R2. You configure RAS1 to use the Routing and Remote Access Services (RRAS). The company’s remote access policy allows members of the Domain Users group to dial in to RAS1. The company issues smart cards to all employees. You need to ensure that smart card users are able to connect to RAS1 by using a dial-up connection. What should you do?
A. Install the Network Policy Server (NPS) server role on RAS1.
B. Create a remote access policy that requires users to authenticate by using SPAP.
C. Create a remote access policy that requires users to authenticate by using EAP-TLS.
D. Create a remote access policy that requires users to authenticate by using MS-CHAP v2.
Answer: C
QUESTION 2
Your network contains one Active Directory domain. You have a member server named Server1 that runs Windows Server 2008 R2. The server has the Routing and Remote Access Services role service installed. You implement Network Access Protection (NAP) for the domain. You need to configure the Point-to-Point Protocol (PPP) authentication method on Server1. Which authentication method should you use?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Extensible Authentication Protocol (EAP)
C. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
D. Password Authentication Protocol (PAP)
Answer: B
QUESTION 3
You deploy a Windows Server 2008 R2 VPN server behind a firewall. Remote users connect to the VPN by using portable computers that run Windows 7. The firewall is configured to allow only secured Web communications. You need to enable remote users to connect as securely as possible. You must achieve this goal without opening any additional ports on the firewall. What should you do?
A. Create an IPsec tunnel.
B. Create an SSTP VPN connection.
C. Create a PPTP VPN connection.
D. Create an L2TP VPN connection.
Answer: B
QUESTION 4
Your network contains a server that runs Windows Server 2008 R2. The server has the Network Policy and Access Services server role installed.
You need to allow only members of a global group named Group1 VPN access to the network.
What should you do?
A. Add Group1 to the RAS and IAS Servers group.
B. Add Group1 to the Network Configuration Operators group.
C. Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 1.
D. Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 3.
Answer: C
QUESTION 5
Network Access Protection (NAP) is configured for the corporate network. Users connect to the corporate network by using portable computers. The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers. You need to ensure that users can access network resources only from computers that comply with the company policy. What should you do?
A. Create an IPsec Enforcement Network policy.
B. Create an 802.1X Enforcement Network policy.
C. Create a Wired Network (IEEE 802.3) Group policy.
D. Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.
Answer: A
QUESTION 6
Your company uses Network Access Protection (NAP) to enforce policies on client computers that connect to the network. Client computers run Windows 7. A Group Policy is used to configure client computers to obtain updates from Windows Server Update Services (WSUS). Company policy requires that updates labeled Important and Critical must be applied before client computers can access network resources. You need to ensure that client computers meet the company policy requirement. What should you do?
A. Enable automatic updates on each client.
B. Enable the Security Center on each client.
C. Quarantine clients that do not have all available security updates installed.
D. Disconnect the connection until the required updates are installed.
Answer: C
QUESTION 7
Your company has deployed Network Access Protection (NAP) enforcement for VPNs.
You need to ensure that the health of all clients can be monitored and reported.
What should you do?
A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.
B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).
C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.
D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).
Answer: A
QUESTION 8
Your company has a server named FS1. FS1 hosts the domain-based DFS namespace named \\contoso.com\dfs. All domain users store their data in subfolders within the DFS namespace. You need to prevent all users, except administrators, from creating new folders or new files at the root of the \\contoso.com\dfs share.
What should you do?
A. Run the dfscmd.exe \\FS1\dfs /restore command on FS1.
B. Configure the NTFS permissions for the C:\DFSroots\dfs folder on FS1. Set the Create folders/append data special permission to Deny for the Authenticated Users group. Set the Full Control permission to Allow for the Administrators group.
C. Start the Delegate Management Permissions Wizard for the DFS namespace named \\contoso.com\dfs. Remove all groups that have the permission type Explicit except the Administrators group.
D. Configure the \\FS1\dfs shared folder permissions. Set the permissions for the Authenticated Users group to Reader. Set the permissions for the Administrators group to Co-owner.
Answer: D
QUESTION 9
Your company has a domain with multiple sites. You have a domain-based DFS namespace called \ \contoso.com\Management. The \\contoso.com\Management namespace hierarchy is updated frequently. You need to configure the \ \contoso.com\Management namespace to reduce the workload of the PDC emulator. What should you do?
A. Enable the Optimize for scalability option.
B. Enable the Optimize for consistency option.
C. Set the Ordering method option to Lowest cost.
D. Set the Ordering method option to Random order.
Answer: A
QUESTION 10
Your network contains a single Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 and Server2 are namespace servers for the \\contoso.com\DFS1 namespace. You need to ensure that users only connect to the \\contoso.com\DFS1 namespace on Server1 if Server2 is unavailable. How should you configure the \\contoso.com\DFS1 namespace?
A. From the properties of the \\contoso.com\DFS1 namespace, modify the referrals settings.
B. From the properties of the \\contoso.com\DFS1 namespace, modify the advanced settings.
C. From the properties of the \\SERVER1\DFS1 namespace servers entry, modify the advanced settings.
D. From the properties of the \\SERVER2\DFS1 namespace servers entry, modify the advanced settings.
Answer: D
QUESTION 11
Your network contains a domain-based namespace named DFS1. DFS1 has Windows 2008 Server mode enabled. You need to ensure that only files and folders in DFS1 that users have permissions to access are displayed. What should you do?
A. Disable referrals.
B. Modify the system access control list.
C. Enable access-based enumeration (ABE).
D. Modify the discretionary access control list.
Answer: C
QUESTION 12
Your network contains an Active Directory domain.
You have a print server named Server1 that runs Windows Server 2008 R2.
You deploy a new print device and create a shared printer.
You need to ensure that only members of a group named Marketing can print color documents on the new print device. All other users must only be able to print black and white documents on the new print device.
What should you do?
A. Create a printer port.
B. Create a second shared printer.
C. Modify the Active Directory printer object.
D. Modify the properties of the shared printer.
Answer: B
QUESTION 13
Your network contains two Windows Server Update Services (WSUS) servers named Server1 and Server2. Server1 is a member of a domain named contoso.com. Server2 is a standalone server. Server2 is configured as an autonomous downstream server. You need to ensure that all updates approved on Server1 are automatically approved on Server2. Which options should you modify?
A. Automatic Approvals
B. Products and Classifications
C. Synchronization Schedule
D. Update Source and Proxy Server
Answer: D
QUESTION 15
Your network contains a Windows Server Update Services (WSUS) server. You have an organizational unit (OU) named Sales. The Sales OU contains all of the computer objects for the sales department. You enable client-side targeting for the Sales OU and set the target group name to Sales-Computers. You restart a sales computer. You discover that the computer is not added to the Sales-Computer computer group in WSUS. You need to ensure that all sales computers are added to the Sales-Computers group. Which options should you configure?
A. Automatic Approvals
B. Computers
C. Personalization
D. Products and Classifications
Answer: B
QUESTION 16
You create a Data Collector Set (DCS). You need prevent the DCS from logging data if the server has less than 1 GB of available disk space. What should you do?
A. Create a passive file screen.
B. Create an active file screen.
C. Modify the Data Manager settings of the DCS.
D. Modify the Stop Conditions settings of the DCS.
Answer: C
QUESTION 17
Your network contains a server named Server1 that runs Windows Server 2008 R2. You discover that the server unexpectedly shut down several times during the past week. You need to identify what caused the shutdowns and which software was recently installed. What should you click from Action Center?
A. Maintenance, and then View reliability history
B. Troubleshooting, and then Programs
C. Troubleshooting, and then System and Security
D. Troubleshooting, and then View history
Answer: A
QUESTION 18
You need to document the following configurations of a server that runs Windows Server 2008 R2:
– System services
– Startup programs
– Hardware configuration
– Current CPU, network, disk, and memory utilization
Which command should you run?
A. mrinfo.exe localhost
B. msinfo32.exe
C. perfmon.exe /report
D. systeminfo.exe
Answer: C
QUESTION 19
Your network contains a server that runs Windows Server 2008 R2.
You need to create a script to identify known configuration issues.
What should you include in the script?
A. the Get-BPAModel cmdlet
B. the Invoke-BPAModel cmdlet
C. the Mrinfo tool
D. the Systeminfo tool
Answer: B
QUESTION 20
Your network contains a server named Server1 that runs Windows Server 2008 R2.
You need to identify which processes perform the most disk writes and disk reads per second.
Which tool should you use?
A. Disk Management
B. Reliability Monitor
C. Resource Monitor
D. Storage Explorer
Answer: C
Passleader Now Offer High-quality 70-642 Test Dumps With Big Discount And 100% Pass