This page was exported from Download MCSE New Exam Questions From PassLeader [ http://www.mcsebibles.com ]
Export date: Wed Nov 22 3:32:39 2017 / +0000 GMT

[Pass Ensure VCE Dumps] Download Free 70-642 Study Guide With VCE Dumps Collection (261-280)


100% Pass 70-642 Exam: if you are preparing 70-642 exam and want to pass it exam easily, we recommend you to get the new 448q 70-642 exam questions from PassLeader, we PassLeader now are sharing the latest and updated 70-642 braindumps with VCE and PDF file, we have corrected all the new questions of our 70-642 VCE dumps and 70-642 PDF dumps and will help you 100% passing 70-642 exam.

keywords: 70-642 exam,448q 70-642 exam dumps,448q 70-642 exam questions,70-642 pdf dumps,70-642 vce dumps,70-642 braindumps,70-642 practice tests,70-642 study guide,TS: Windows Server 2008 Network Infrastructure, Configuring Exam

QUESTION 261
Your network contains an Active Directory forest. The functional level of the forest is Windows Server 2008 R2. You plan to deploy DirectAccess. You need to configure the DNS servers on your network to support DirectAccess. What should you do?

A.    Modify the GlobalQueryBlockList registry key and restart the DNS Server service.
B.    Modify the EnableGlobalNamesSupport registry key and restart the DNS Server service.
C.    Create a trust anchor that uses a certificate issued by an internal certification authority (CA).
D.    Create a trust anchor that uses a certificate issued by a publicly trusted certification authority (CA).

Answer: A
Explanation:
To remove ISATAP from the DNS global query block list:
1. Click Start, click All Programs, click Accessories, rightclick Command Prompt, and then click Run as administrator.
2. In the Command Prompt window, type dnscmd /config / globalqueryblocklist wpad, and then press ENTER.
3. Close the Command Prompt window.
OR
To remove ISATAP from the DNS global query block list on a DNS server:
1. Click Start, type regedit.exe, and then press ENTER.
2. In the console tree, open ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDNS Parameters.
3. In the contents pane, double-click the GlobalQueryBlockList value.
4. In the Edit Multi-String dialog box, remove the name ISATAP from the list, and then click OK.
5. Start a command prompt as an administrator.
6. In the Command Prompt window, run the following commands:
net stop dns
net start dns
http://technet.microsoft.com/en-us/library/ee649158(v=ws.10).aspx

QUESTION 262
Your network contains a server named Server1.contoso.com. Server1 is located on the internal network. You have a client computer named Computer1 that runs Windows 7. Computer1 is located on a public network that is connected to the Internet. Computer1 is enabled for DirectAccess. You need to verify whether Computer1 can resolve Server1 by using DirectAccess. Which command should you run on Computer1?

A.    nbtstat.exe -a server1.contoso.com
B.    netsh.exe dnsclient show state
C.    nslookup.exe server1.contoso.com
D.    ping.exe server1.contoso.com

Answer: D

QUESTION 263
Your network contains a server named Server1 that runs Windows Server 2008 R2. You plan to deploy DirectAccess on Server1. You need to configure Windows Firewall on Server1 to support DirectAccess connections. What should you allow from Windows Firewall on Server1?

A.    ICMPv6 Echo Requests
B.    ICMPv6 Redirect
C.    IGMP
D.    IPv6-Route

Answer: A

QUESTION 264
Your network contains a computer named Computer1 that runs Windows 7. You need to verify if Computer1 has active DirectAccess connections to the network. What should you do?

A.    From Network Connections, right-click the active network connection, and then click Status.
B.    From Network Connections, select the active network connection, and then click Diagnose this connection.
C.    From Windows Firewall with Advanced Security, click Monitoring, and then click Connection Security Rules.
D.    From Windows Firewall with Advanced Security, click Monitoring, click Security Associations, and then click Main Mode.

Answer: D

QUESTION 265
Your network contains a Network Policy Server (NPS) named NPS1. You deploy a new NPS named NPS2. You need to ensure that NPS2 sends all authentication requests to NPS1. What should you modify on NPS2?

A.    health policies
B.    network policies
C.    RADIUS clients
D.    remote RADIUS server groups

Answer: D
Explanation:
NPS is RADIUS (Remote Authentication...). We need to configure NPS2 to use NPS1 for authentication.

QUESTION 266
Your network contains a Network Policy Server (NPS) named Server1. NPS1 provides authentication for all of the VPN servers on the network. You need to track the usage information of all VPN connections. Which RADIUS attribute should you log?

A.    Acct-Session-Id
B.    Acct-Status-Type
C.    Class
D.    NAS-Identifier

Answer: C

QUESTION 267
Your network contains a Network Policy Server (NPS) named Server1. Server1 is configured to use SQL logging. You add a second NPS server named Server2. You need to ensure that Server2 has the same RADIUS authentication and logging settings as Server1. You export the NPS settings from Server1, and then import the settings to Server2. What should you do next on Server2?

A.    Create a new ODBC data source.
B.    Run netsh.exe nps reset config.
C.    Manually configure the SQL logging settings.
D.    Restart the Network Policy Server (NPS) role service.

Answer: C

QUESTION 268
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and eu.contoso.com. You install a Network Policy Server (NPS) named Server1 in the contoso.com domain. You need to ensure that Server1 can read the dial-in properties of the user accounts in the eu.contoso.com domain. What should you do?

A.    In the contoso.com domain, add Server1 to the RAS and IAS Servers group.
B.    In the contoso.com domain, add Server1 to the Windows Authorization Access group.
C.    In the eu.contoso.com domain, add Server1 to the RAS and IAS Servers group.
D.    In the eu.contoso.com domain, add Server1 to the Windows Authorization Access group.

Answer: C

QUESTION 269
Your network contains a Network Policy Server (NPS) named Server1. You need to configure a network policy for a VLAN. Which RADIUS attributes should you add?

A.    Login-LAT-Service
Login-LAT-Node
Login-LAT-Group
NAS-Identifier
B.    Tunnel-Assignment-ID
Tunnel-Preference
Tunnel-Client-Auth-ID
NAS-Port-Id
C.    Tunnel-Client-Endpt
Tunnel-Server-Endpt
NAS-Port-Type
Tunnel-Password
D.    Tunnel-Medium-Type
Tunnel-Pvt-Group-ID
Tunnel-Type
Tunnel-Tag

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc754422(v=ws.10).aspx

QUESTION 270
Your network contains two Active Directory forests named contoso.com and fabrikam.com. You have a standalone Network Policy Server (NPS) named NPS1. You have a VPN server named VPN1. VPN1 is configured as a RADIUS client to NPS1. You need to ensure that users from both forests can establish VPN connections by using their own domain accounts. What should you do?

A.    On NPS1, configure remediation server groups.
B.    On NPS1, configure connection request policies.
C.    On VPN1, modify the DNS suffix search order.
D.    On VPN1, modify the IKEv2 Client connection controls.

Answer: B
Explanation:
Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.
http://technet.microsoft.com/en-us/library/cc753603.aspx


http://www.passleader.com/70-642.html

QUESTION 271
Your network contains a Network Policy Server (NPS) named NPS1 and a network access server named NAS1. NAS1 is configured to use NPS1 for authentication and accounting. A firewall separates NPS1 and NAS1. You need to ensure that NAS1 can successfully send authentication and accounting messages to NPS1. Which ports should you allow through the firewall?

A.    TCP ports 80, 443, 389 and 1645
B.    TCP ports 88, 135, 139 and 1813
C.    UDP ports 53, 67, 68 and 69
D.    UDP ports 1812, 1813, 1645 and 1646

Answer: D
Explanation:
Configure NPS UDP port information:
Network Policy Server (NPS) uses for RADIUS authentication and accounting traffic By default, NPS listens for RADIUS traffic on ports 1812, 1813, 1645, and 1646 for both Internet Protocol version 6 (IPv6) and IPv4 for all installed network adapters.
http://technet.microsoft.com/en-us/library/cc731277(v=ws.10).aspx

QUESTION 272
Your network contains a Network Policy Server (NPS) named NPS1. NPS1 is configured for remote access account lockout. A domain user named User1 has been locked out by NPS1. You need to unlock the User1 user account on NPS1. What should you use?

A.    the Netsh tool
B.    the Network Policy Server console
C.    the Registry Editor
D.    the Routing and Remote Access console

Answer: C
Explanation:
Manually Unlock a Remote Access Client:
If the account is locked out, the user can try to log on again after the lockout timer has run out, or you can delete the DomainName:UserName value in the following registry key:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemoteAccessParamete rsAccountLockout registry key.
To manually unlock an account, follow these steps:
Click Start, click Run, type regedit in the Open box, and then press ENTER.
Locate and then click the following registry key:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemoteAccessParamete rsAccountLockout
Find the Domain Name:User Name value, and then delete the entry.
Quit Registry Editor.
Test the account to confirm that it is no longer locked out.
http://support.microsoft.com/kb/816118

QUESTION 273
Your network contains a server that runs Windows Server 2008 R2. You need to enable access- based enumeration (ABE) on a shared folder. Which console should you use?

A.    Disk Management
B.    File Server Resource Manager
C.    Share and Storage Management
D.    Storage Explorer

Answer: C

QUESTION 274
Your network contains a server that runs Windows Server 2008 R2. You have a shared folder named Data that is located on the C drive. The permissions for the Data folder are configured as shown in the following table.

A user named User1 is a member of Group1 and Group3. User1 reports that she cannot upload files to the share. You need to ensure that User1 can upload files to C: Data. The solution must minimize the number of permissions assigned to all users. What should you do?

A.    Add User1 to Group2.
B.    Remove User1 from Group1.
C.    Assign the Change share permission to Group1.
D.    Assign the Change share permission to Group3.

Answer: A

QUESTION 275
Your network contains an Active Directory domain. The domain contains a member server that runs Windows Server 2008 R2. You have a folder named Data that is located on the C drive. The folder has the default NTFS permissions configured. A support technician shares C:Data by using the File Sharing Wizard and specifies the default settings. Users report that they cannot access the shared folder. You need to ensure that all domain users can access the share. What should you do?

A.    Enable access-based enumeration (ABE) on the share.
B.    Assign the Read NTFS permission to the Domain Users group.
C.    From the Network and Sharing Center, enable public folder sharing.
D.    From the File Sharing Wizard, configure the Read permission level for the Domain Users group.

Answer: D

QUESTION 276
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2008 R2. All client computers run Windows 7. You discover that users can use Encrypting File System (EFS) when the smart cards on their computers are removed. You need to prevent the users from accessing EFS-encrypted files when their smart cards are removed. From the EFS properties, you click Require a smart card for EFS. What should you do next?

A.    Set the Elliptic Curve Cryptography to Allow.
B.    Set the Elliptic Curve Cryptography to Require.
C.    Disable the Allow delegating saved credentials setting.
D.    Disable the Create caching-capable user key from smart card option.

Answer: D

QUESTION 277
Your network contains a server named Server1. Server1 is configured as a BranchCache server. The cache is located at D:Branchcache. You need to remove all existing files and hashes from the cache. Which command should you run?

A.    hashgen.exe -d d:branchcache
B.    net.exe stop PeerDistSvc & net.exe start PeerDistSvc
C.    netsh.exe branchcache flush
D.    rd.exe d:branchcache /s /q

Answer: C
Explanation:
netsh branchcache flush - deletes the contents of the local BranchCache cache all cache from branchcache
http://technet.microsoft.com/pt-br/library/dd979561(v=ws.10).aspx#BKMK_2

QUESTION 278
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is located in a branch office. You view the BranchCache configuration of Server1 as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that client computers in the branch office retrieve cached files from Server1 only. What should you do on Server1?

A.    Install the BranchCache for Network Files role service.
B.    Install the Services for Network File System role service.
C.    Run netsh.exe branchcache set service mode=DISTRIBUTED.
D.    Run netsh.exe branchcache set service mode=HOSTEDSERVER.

Answer: D

QUESTION 279
Your network contains the servers shown in the following table.

Office1 and Office2 connect to each other by using a WAN link. Users in Office2 frequently access the same set of files stored in Data1. You need to reduce the amount of file transfer traffic across the WAN link. What should you add to Server1?

A.    the Background Intelligent Transfer Service (BITS) feature
B.    the BranchCache feature
C.    the BranchCache for network files role service
D.    the Distributed File System (DFS) role service

Answer: C

QUESTION 280
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is located in a branch office. You discover that users cannot obtain cached documents from Server1. The BranchCache configuration on Server1 is shown in the exhibit. (Click the Exhibit button.)

You need to ensure that Server1 hosts cached content for client computers in the branch office. What should you do?

A.    Enable Peer Discovery firewall rules.
B.    Set the Startup Type of the BranchCache service to Automatic, and then start the service.
C.    At the command prompt, run netsh.exe branchcache set service mode=DISTRIBUTED.
D.    At the command prompt, run netsh.exe branchcache set service mode=HOSTEDCLIENT.

Answer: B


http://www.passleader.com/70-642.html

Post date: 2015-10-21 07:39:12
Post date GMT: 2015-10-21 07:39:12
Post modified date: 2015-10-21 07:39:12
Post modified date GMT: 2015-10-21 07:39:12
Powered by [ Universal Post Manager ] plugin. HTML saving format developed by gVectors Team www.gVectors.com