Question : 33
Network Access Protection (NAP) is configured for the corporate network.Users connect to the corporate network by using portable computers.The company policy requires confidentiality of data when the data is in transit between the portable computers and the servers.You need to ensure that users can access network resources only from computers that comply with the company policy.What should you do?
A. Create an IPSec Enforcement Network policy.
B. Create an 802.IX Enforcement Network policy.
C. Create a Wired Network (IEEE 802.3) Group policy.
D. Create an Extensible Authentication Protocol (EAP) Enforcement Network policy.
Answer : A
Question : 32
Your network contains two servers named Server1 and Server2 that run a Server Core installation of Windows Server 2008 R2. Server1 has the SNMP Service installed.You need to ensure that Server2 can send SNMP traps to Server1.What should you do?
A. On Server1, run oclistsnmp-sc.
B. On Server2, run oclistsnmp-sc.
C. On Server1, run dism /online /enable-feature /featurename:snmp-sc.
D. On Server2, run dism /online /enable-feature /featurename:snmp-sc.
Answer : D
Question : 19
Companys has opened a new branch office where 10 standalone servers run Windows Server 2008. To keep the servers updated with latest updates, you install WSUS on a server named Companys 3.Which of the following actions would you perform next to configure all of the servers to receive updates from Companys 3?
A. Use Control Panel to configure the Windows Update Settings on each server.
B. Run the wuauclt.exe /reauthorization command on each server.
C. Use the local group policy to configure the Windows Update Settings on each server.
D. Run the wuauclt.exe /detectnow command on each server.
E. None of the above
Answer : C
Question : 18
Your network contains two separate subnets named Subnet1 and Subnet2. Subnet1 contains a Windows Server Update Services (WSUS) server named Server1.Computers on Subnet1 can access resources on the Internet. Subnet2 is an isolated subnet.You deploy a new WSUS server named Server2 in Subnet2.
You need to replicate the metadata from Server1 to Server2.What should you do on Server1?
A. Run wsusutil.exe and specify the export parameter.
B. Run wsusutil.exe and specify the move content parameter.
C. Run wbadmin.exe and specify the start backup parameter.
D. Run wbadmin.exe and specify the start system state backup parameter.
Answer : A
Question : 17
You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data. What should you do?
A. Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
B. Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
C. Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
D. Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
Answer : D
Question : 16
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 has the Routing and Remote Access service (RRAS) role service installed. You need to view all inbound VPN packets. The solution must minimize the amount of data collected. What should you do?
A. From RRAS, create an inbound packet filter.
B. From Network Monitor, create a capture filter.
C. From the Registry Editor, configure file tracing for RRAS.
D. At the command prompt, run netsh.exe ras set tracing rasauth enabled.
Answer : B
Question : 15
Your network contains a server named Server1 that runs Windows Server 2008 R2. You have a user named User1. You need to ensure that User1 can schedule Data Collector Sets (DCSs) on Server1. The solution must minimize the number of rights assigned to User1. What should you do?
A. Add User1 to the Performance Log Users group.
B. Add User1 to the Performance Monitor Users group.
C. Assign the Profile single process user right to User1.
D. Assign the Bypass traverse checking user right to User1.
Answer : A
Question : 14
Your company has a network that has 100 servers. A server named Server1 is configured as a file server. Server1 is connected to a SAN and has 15 logical drives. You want to automatically run a data archiving script if the free space on any of the logical drives is below 30 percent. You need to automate the script execution. You create a new Data Collector Set. What should you do next?
A. Add the Event trace data collector.
B. Add the Performance counter alert.
C. Add the Performance counter data collector.
D. Add the System configuration information data collector.
Answer : B
Question : 13
Your company has deployed Network Access Protection (NAP) enforcement for VPNs. You need to ensure that the health of all clients can be monitored and reported. What should you do?
A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.
B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).
C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.
D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).
Answer : A
Question : 12
Your network contains a server named Server1.contoso.com. Server1 is located on the internal network. You have a client computer named Computer1 that runs Windows 7. Computer1 is located on a public network that is connected to the Internet. Computer1 is enabled for DirectAccess. You need to verify whether Computer1 can resolve Server1 by using DirectAccess. Which command should you run on Computer1?
A. nbtstat.exe Ca server1.contoso.com
B. netsh.exe dnsclient show state
C. nslookup.exe server1.contoso.com
D. ping.exe server1.contoso.com
Answer : D
Question : 11
Your network contains a Network Policy Server (NPS) named Server1. NPS1 provides authentication for all of the VPN servers on the network. You need to track the usage information of all VPN connections. Which RADIUS attribute should you log?
Question : 10
Your network contains a server named Server1 that runs Windows Server 2008 R2. You plan to deploy DirectAccess on Server1. You need to configure Windows Firewall on Server1 to support DirectAccess connections. What should you allow from Windows Firewall on Server1?
A. ICMPv6 Echo Requests
B. ICMPv6 Redirect
Question : 9
Your company has 10 servers that run Windows Server 2008 R2. The servers have Remote Desktop Protocol (RDP) enabled for server administration. RDP is configured to use default security settings. All administrators’ computers run Windows 7. You need to ensure the RDP connections are as secure as possible. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Set the security layer for each server to the RDP Security Layer.
B. Configure the firewall on each server to block port 3389.
C. Acquire user certificates from the internal certification authority.
D. Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication.
Question : 8
Your network contains a Network Policy Server (NPS) named Server1. Server1 is configured to use SQL logging. You add a second NPS server named Server2. You need to ensure that Server2 has the same RADIUS authentication and logging settings as Server1. You export the NPS settings from Server1, and then import the settings to Server2. What should you do next on Server2?
A. Create a new ODBC data source.
B. Run netsh.exe nps reset config.
C. Manually configure the SQL logging settings.
D. Restart the Network Policy Server (NPS) role service.
Question : 7
Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) server role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain. What should you do?
A. Add and configure a new account store.
B. Add and configure a new account partner.
C. Add and configure a new resource partner.
D. Add and configure a Claims-aware application.